Theo de Raadt wrote: > In general, I think -portable's should not add it back without really > clear justification. The automatic tunnels are just as risky outside > OpenBSD, because their packet filter tools encounter the same > difficulty protecting against abuse.
But in this case, using the option is the safer choice, right? So all the portable code should be doing this. > Inside our ports tree, how much software is aware of this? Very > little. So why should our -portable code be aware of it, when so > many people on our side reject the concept? One might argue that even if the option is a nop, it is the correct way to write an IPv6 program, and therefore should be done always. I think we should produce an operating system with safe defaults. But it is dangerous to write software with implicit dependencies on those defaults.
