On 10/11/2020 09:33, Mike Tubby via Exim-users wrote:
I am all for improved security but a single "step change" that breaks
existing configurations is IMHO going too far.
taint_mode = off | warn | enforce
Warn and enforce, I could see as an interim measure.
But only interim - to be remove at some future release.
I do not think it should be possible to turn off. This
would make it pointless.
The coding to implement this would not be too hard.
The regression-testing impact is somewhat higher,
and I am not particularly incentivised to spend the effort,
personally. Do I hear volunteers?
There is also the forward-committed work of removing
it all later (and handling the same set of complaints
yet again). Otherwise it remains as a bolted-on
excrescence, hampering future maintenance.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
