rpki-client: detect & reject "AS0 TALs"
On Mon, Dec 02, 2024 at 08:00:23AM +0100, Claudio Jeker wrote:
> > On Fri, Nov 29, 2024 at 08:32:28AM -0700, Theo de Raadt wrote:
> > > I fear that the -x option will eventually become a useful crutch to
> > > block other behaviours. Maybe this should be -0, to be more
> > > explicit about this AS0 issue. In the manual page, AS0 support being
> > > tied to a specific flag called -0 makes it easier to make the public
> > > aware of this problem and the decision for AS0 non-support.
> >
> > How about
>
> To be honest, I don't really understand why we need this.
> We will not ship an AS0-TAL by default. So the operator already opted into
> this by installing this AS0-TAL by themselves.
> Now you want an extra flag on top of that?
> Do you fear that on other distributions they will add bad tals by
> default?

That indeed is a possibility that cannot be excluded from consideration.

Feedback from network operators on the principle of this diff has been
quite positive, along the lines of "yup, something like this seems
helpful".

Kind regards,

Job