On Thu, 18 Feb 2021, Mara Sophie Grosch wrote: > >(after all, they could already send it to an entirely different host) > >but maybe I'm missing something... > > I think if an attacker controls DNS, it's a lost game anyway. Current It’s still a level of indirection that isn’t traditionally used, and which makes me a bit nervous, especially considering name resolution is not just DNS (think /etc/hosts for example). I’d prefer for this “feature” to be disabled by default and stay that way. bye, //mirabilos -- «MyISAM tables -will- get corrupted eventually. This is a fact of life. » “mysql is about as much database as ms access” – “MSSQL at least descends from a database” “it's a rebranded SyBase” “MySQL however was born from a flatfile and went downhill from there” – “at least jetDB doesn’t claim to be a database” (#nosec) ‣‣‣ Please let MySQL and MariaDB finally die! _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
