On 2025/08/03 4:14 PM, Andreas Metzler via Exim-users wrote:
On 2025-07-25 Moritz Orbach via Exim-users <[email protected]> wrote:
Hi all,
I don't trust libspf2 anymore because after almost 2 years it's still
unclear to me if CVE-2023-42118 is fixed or not (e.g.
https://bugs.gentoo.org/916493#c2).
[...]
Please note that OpenDMARC does not look a lot better than libspf. Last
release in 2021, about 7 commits (excluding merges) since then.
We should be careful to not infer "moribund" merely from stability.
If something works properly, there is no need for change.
A better question might be "if there are any issues, are they being fixed?"
I have no knowledge on that with respect to OpenDMARC.
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
