20 Jun
2016
20 Jun
'16
5:41 p.m.
I wrote:
As for how practical it would ever be to have this code in the real dillo someday, I think that comes down to: How good are distributions at making security updates available for their more obscure packages?
I realized this is an exceedingly trivial concern when compared with the fact that distributions have configured dillo with --enable-ssl for years despite the state of the old dpi and our all-caps warnings, thereby causing users to trust something they shouldn't.