On Sun Apr 11, 2021 at 3:56 PM EDT, Ævar Arnfjörð Bjarmason wrote: > I suggest we don't compromise and just go with whatever you're OK with :) Well, if you're giving me an opportunity to not drag this out into a multi-phase rollout, then I'll take it :) Another option is to forbid an unknown value (which is almost certainly (1) wrong and (2) causing users to unexpectedly use plaintext when they expected encryption), file a CVE, and pitch it as a security fix - then we can expect a reasonably quick rollout of the change to the ecosystem at large.
