On 30/03/2019 23:27, Mouse wrote:
> (Rule of thumb: anyone who calls something "secure" or
> "insecure" without giving any indication of the threat model in
> question either doesn't understand security or hopes you don't; neither
> alternative is good. It's not universally applicable - here, for
> example, I suspect you were just being a bit over-brief - but it's been
> remarkably useful to me.)
Deeming it insecure on that basis of all the bug fixes upstream have
which haven't been merged in our tree since our last sync including
published patches from around this point onwards:
https://www.openbsd.org/errata42.html both of which need to be evaluated
to see if applicable.
Also on the basis of nobody doing this for years, I'd say this is prime evidence for there being no effective maintainer for years.
Warner