On 2020-06-01 13:30, Theo de Raadt wrote: >> I wonder, if 99% of users just use /etc/ssl/cert.pem? whether a flag that >> breaks/enables other use cases (removes capath support at runtime), might >> work?
> I guess you don't understand unveil. You didn't understand what Stuart > just said *at all*. > I do understand unveil, well enough to apply it but I guess not to ftp. I guess capath isn't preventing tightening the veil then, unless -S is used or I am even further out of touch with the conversation. > Sounds completely unrelated. > Let's cut this short -- if you don't know what you are talking about > just don't comment, ok? Unrelated to improving ftp, considering OpenBSD wouldn't switch to single user designs, sure. I shall try to make sure I understand the details and only comment, when I can contribute.
