Author: Jeremy Harris
Date:
To: exim-dev
Subject: Re: [exim-dev] Survey

On 19/04/14 18:30, Todd Lyons wrote:
> It's been 6 months since the last release of Exim 4.82. There has
> been a flurry of bug-fixing, refactoring, and a few new features.
> There's not really any major new feature, but the release guidelines
> do suggest that every 6 months we release a new version with whatever
> is in the tree.
>
> Can we get some votes yea or nay for beginning a release cycle for Exim 4.83?

Yes.

> Last release I didn't give enough time between announcing the
> beginning of the release cycle and code freeze, this time will be
> longer, we'll say 2 weeks from the announcement. I'm open to
> suggestions of whether that time should be longer or shorter.

Aiming for 2 sounds reasonable.

We should also consider promoting some EXPERIMENTAL_FOO features:

- TPDA and PRDR seem noncontroversial.

- OCSP is more complicated. We have support for OCSP-stapling
  per RFC 6066 under OpenSSL, and I've been running this in production
  with no issues. GnuTLS support isn't there, and isn't feasible with
  pre-3.0.0 GnuTLS libraries (adding this support with the later
  library versions is on my list). This RFC provides for assurance
  of non-revocation of the server cert; it does nothing for the
  rest of the certificate chain.

  There is an RFC (6961) for addressing this; OpenSSL and Mozilla have
  open RFEs for implementations. I've not seen any hint of GnuTLS support.
  We won't be able to do anything with this until either OpenSSL or GnuTLS
  support arrives.

  We don't support traditional (non-stapled) OCSP at all. RFC 6960
  defines the request/response protocol and RFC 5280 a certificate extension
  field for publishing an HTTP OCSP responder's URL. I don't think it
  is Exim's place to have all the support required inbuilt, but we
  might wish to provide enough hooks to enable use of external facilities.
  I'm making a start with cert-field extractor expansions (bug 1358);
  also needed would be access to all certs of a chain, and means for
  denying validation of any one such.

  I don't want to touch CRLs with a bargepole.

- Other features, on which I have no opinion:
  -- DCC
  -- SPF
  -- SRS
  -- BRIGHTMAIL
  -- DMARC
  -- REDIS
  -- PROXY