On 2020-06-01 13:30, Theo de Raadt wrote:
>> I wonder, if 99% of users just use /etc/ssl/cert.pem? whether a flag that
>> breaks/enables other use cases (removes capath support at runtime), might work?
> I guess you don't understand unveil. You didn't understand what Stuart
> just said *at all*.
>
I do understand unveil, well enough to apply it but I guess not to ftp. I guess
capath isn't preventing tightening the veil then, unless -S is used or I am even
further out of touch with the conversation.
> Sounds completely unrelated.
> Let's cut this short -- if you don't know what you are talking about
> just don't comment, ok?
Unrelated to improving ftp, considering OpenBSD wouldn't switch to single user
designs, sure. I shall try to make sure I understand the details and only
comment, when I can contribute.
No comments:
Post a Comment