Andreas Metzler via Exim-dev <exim-dev@???> (Sa 30 Apr 2022 10:34:23 CEST):
>
> People upgrading directly from < 4.93 to 4.96 would still have to deal
> with hard breakage on upgrades, but requirig a two step upgrade might be
> considered a fair compromise.
Yes, that's something I'm thinking about too.
4.95: "allow_insecure_tainted_data" allows a smooth upgrade from 4.94
4.96: "allow_insecure_tainted_data" doesn't cover all that taint issues
that were "accepted" (turned into warnings) for 4.95, but turns
the new implemented errors into warnings.
… and so on
That is, having always one release as a grace period to sort out the taint
issues.
We have quite complex configurations and there isn't always a way to
test them in advance. Rolling back during an update isn't an option in
many cases, and prevents further checking, as the the previous versions
works, and maybe breaks with config changes I made already to comply
with our new taint checks.
--
Heiko
