On 2010-12-13 at 22:00 +0000, David Woodhouse wrote: > Perhaps a *build* time option with a colon-separated list of the macros > which are permitted to be defined (with no content)?
Sounds good. I might permit numbers as a value. I guess one common override besides 0/1 is for port-numbers. > I'm still inclined to think that putting the macros into a config file > and using .include would be easier. Yes. We recommend that, going forward, and mention that the build-time option list is a migration easing method, to buy time for sysadmins/vendors to migrate their other systems. We can document that no new systems should be using it and we recommend avoiding it, as it may be removed in the future; but for those currently using -D on the command-line for the daemon we have the option to make it as easy as possible for them to migrate to a version with the improved security and let them *schedule* doing the work to migrate the configs to another approach over the coming months, at their pace. Forced changes are overhead tax for running software and can cause resentment; no item is bad in and of itself, but when you run a lot of software, it adds up. Since we're making a non-backwards-compatible change, we need to ease the immediate hit and let people plan around the changes they'll need going forward. -Phil -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
