On Fri, Apr 29, 2022 at 05:16:45PM +0100, Andrew C Aitchison via Exim-users wrote:
> Given that taint checking appeared in Exim 4.93 and > allow_insecure_tainted_data in Exim 4.95, > this (Exim 4.96) would be the first time that allow_insecure_tainted_data > would actually be helpful. > > Is it just me, or are others worried about the new taint checking > having unexpected consequences and no way to disable it for debugging ? I'd prefer the allow_insecure_tainted_data never be removed, now or in the future. At the least, as an experimental feature that requires intentional enabling during a source build. At the worst as a separate community maintained patch against the official source for each new release. Maintaining production mail systems that handle millions of messages a month is no trivial feat, and a single taint failure can turn (and has turned) a routine upgrade plan into a mess. Thanks, Dean -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/