Renaud Allard <ren...@allard.it> wrote: > On 30/09/2023 16:32, Theo de Raadt wrote: > > I'll try to summarize my point. > > > > When less-secure AND more-secure pieces of software exist in the > > the same role/service area, I think it is valid for developers who > > care about security of their userbase to *DEMOTE* the less-secure > > variations. > > > > This kind of "hide the garbage" policy needs to exist somewhere > > in the greater community, otherwise we have a situation where > > software use is decided by "oh look, it is pretty". > > > > You are the captain of this boat. I think if there are bad fishes, you > will take the right decision.
I don't make any decisions in ports, I can only make comments. > After some discussion in the exim IRC channel, I am not sure there will > be fixes for everything soon. Given that one of the issues is in libspf2 > and there have been no updates in this project since 2021. Maybe we > should discard libspf2 too then, which means also milter-greylist. > Maybe it's time for a good cleanup. Well, contrast that with the 4 layers of defence added inside ssh-agent for dlopen being a broken interface. You do what you do....