Am Mi., 6. Dez. 2017 um 13:06 Uhr schrieb Stuart Henderson <s...@spacehopper.org>: > OK for the fix. But guenther@'s comment from 2015 still stands - > > "Executive summary: delete the procmail port; the code is not safe and > should not be used as a basis for any further work." > > (https://marc.info/?l=openbsd-ports&m=141634350915839&w=2)
See also https://anarc.at/blog/2022-03-02-procmail-considered-harmful/ "TL;DR: procmail is a security liability and has been abandoned upstream for the last two decades. If you are still using it, you should probably drop everything and at least remove its SUID flag. There are plenty of alternatives to choose from, and conversion is a one-time, acceptable trade-off." Can we please drop the port (which hasn't been updated since 2017)? Best Martin
