Re: [exim] exim-4.94.2+taintwarn - when will it be EOL?

Inizio della pagina
Delete this message
Reply to this message
Autore: Heiko Schlittermann
Data:  
To: exim-users
Oggetto: Re: [exim] exim-4.94.2+taintwarn - when will it be EOL?
Paul Muster via Exim-users <exim-users@???> (Di 25 Mai 2021 16:36:26 CEST):

> > > telling people about possible config breaking.
> > 4.95 is a major release.


Some clarification: The *branch* will be merged, but the "taintwarn"
feature won't disappear with 4.95.

But everybody should read the big red announcement that accompanies the
"taintwarn" feature: A *future* version of Exim will ignore this new (and
deprecated already now) option. Currently it is not clear, what "future"
means.

The option is meant as mitigation in case you upgrade from <4.94 to
>=4.94. In theory everybody should run 4.94.2 now (as all other versions

are not secure anymore. In practice backports to previous versions exist
(I know of 4.92.3 + security patches, others might exist.) So in theory
everybody now has the chance to make the configuration secure until we
release an Exim w/o the "taintwarn" feature.

But that's theory, as "officially" the "taintwarn" doesn't even exist.
It creeped into the 4.94.2+fixes branch silently, some may have it,
others may not have it. (Debian has it, e.g. And Debian was the reason
for me to develop it, as they want to ship 4.94, and w/o "taintwarn"
this would ask for trouble with all letters capitalized.)

> > And the intent of the taintwarn
> > addition is to not break anything.
>
> Yes, sure. But _EoL_ _of the taintwarn feature_ finally *will* break running
> configs. Therefore the taintwarn feature has been built - to make a step
> inbetween "works" and "breaks", the phase "warns". Isn't it?


We're not talking about EOL of the taintwarn feature right now. But its
EOL will be definitly in one of the next releases. But *not* in 4.95.

To rephrase it:

- Exim 4.95 will contain "taintwarn"
- It is meant as support for upgrading your config, w/o breaking your
setup instantly.
- With a future¹ release of Exim we will drop the "taintwarn" support.
- If you failed to upgrade your config, your setup will be broken with a
future¹ release of Exim.

¹) It is not decided yet, what "future" means. It may or may not be 4.96.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -