Remove undocumented backtick syntax in sympa.conf

[ikedas]

Backtick syntax (`...`) in sympa.conf should be removed, because it allows to execute arbitrary code.

Note: that syntax has not been documented yet.

[racke]

Reported as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980451

[ikedas]

Comes under #1009.

[racke]

Debian uses the backtick in the following fashion:

cookie	`/usr/bin/head -n1 /etc/sympa/cookie`

I can get rid of that, but my question is the cookie value needed at all with recent Sympa release? It is not listed in the skeleton sympa.conf shipped with Sympa.

@ikedas @dverdin Any comment appreciated.

[racke]

Thanks a lot, @dverdin. So I only use the cookie parameter if present and leave it empty when installing Sympa Debian package for the first time.

[dverdin]

Yes. and that explains why it is not shipped with Sympa anymore.

[racke]

OK so it is another spot in the documentation that needs to be filled.

[dverdin]

I can dot it if nobody disagrees.

[racke]

Yes, but let's move that to a fresh issue.

[dverdin]

Separation of concerns. You're right.
I'll do a proposal.

[ikedas]

See #1091 for obsoletion of cookie parameter.

[mitar]

I am upgrading to a new version of Sympa and I am really sad to see this go. I was using this through cat ... for db_passwd so that the password is not stored in the main file (which can then be baked in into a public Docker image while the password can be then provided at container runtime).

I do not see any alternatives here? Sympa does not support config file includes? So I agree that supporting arbitrary commands it not reasonable, but being able to split config file into smaller files, including them from a directory like sympa.conf.d would be great. Am I right that this is not supported currently?

[mitar]

I see that there is old issue #17 which is still open, while this feature was removed. So there is no workaround. :-(