> On 20 Dec 2020, at 02:09, Todd C. Miller <mill...@openbsd.org> wrote: > > I like this direction but I worry about breaking existing configs. > How are we going to alert existing users that they need to update > their configs if the behavior silently changes? > > - todd
I agree and this diff was more to suggest a direction and spark discussion than a request to get this in. Today there’s no way to disable forward files and OpenBSD supports two releases. If we agreed this is the right direction then we could have a two-release plan: 1- introduce the keyword but not require it yet 2- add the keyword to the default configuration file 3- throw in a warning in logs whenever a .forward file is used with an action that doesn’t have the keyword set With this, existing setups would not break but start warning that a configuration file change is required. If the configuration change is made, the warnings stop right away. People get two releases to fix their configuration before the keyword becomes mandatory. I’ll address other concerns raised by semarie@ and deraadt@ as a reply to their mail.
