Saturday, September 30, 2023

Re: exim

On 30/09/2023 16:32, Theo de Raadt wrote:
> I'll try to summarize my point.
>
> When less-secure AND more-secure pieces of software exist in the
> same role/service area, I think it is valid for developers who
> care about security of their userbase to *DEMOTE* the less-secure
> variations.
>
> This kind of "hide the garbage" policy needs to exist somewhere
> in the greater community, otherwise we have a situation where
> software use is decided by "oh look, it is pretty".
>

You are the captain of this boat. I think if there are bad fishes, you
will take the right decision.
After some discussion in the exim IRC channel, I am not sure there will
be fixes for everything soon. Given that one of the issues is in libspf2
and there have been no updates in this project since 2021. Maybe we
should discard libspf2 too then, which means also milter-greylist.
Maybe it's time for a good cleanup.
