Re: [exim] tainted data issues

Página superior
Este mensaje es parte del siguiente hilo:
M-+\El árbol completo de hilos, ordenados por fecha
M\MMGregory Edigarov, mensaje del <-
MMJeremy Harris, mensaje del ->
Eliminar este mensaje
Responder a este mensaje
Autor: Jeremy Harris
Fecha:  
A: exim-users
Asunto: Re: [exim] tainted data issues
On 10/11/2020 09:33, Mike Tubby via Exim-users wrote:
> I am all for improved security but a single "step change" that breaks
> existing configurations is IMHO going too far.
>
>     taint_mode = off | warn | enforce

Warn and enforce, I could see as an interim measure.
But only interim - to be remove at some future release.

I do not think it should be possible to turn off. This
would make it pointless.


The coding to implement this would not be too hard.
The regression-testing impact is somewhat higher,
and I am not particularly incentivised to spend the effort,
personally. Do I hear volunteers?

There is also the forward-committed work of removing
it all later (and handling the same set of complaints
yet again). Otherwise it remains as a bolted-on
excrescence, hampering future maintenance.
--
Cheers,
Jeremy

Este mensaje se envió a las siguientes listas de correo:
Exim-users
Información de la lista de correo | Mensajes cercanos		<-Re: [exim] tainted data issuesRe: [exim] tainted data issues->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)