Hi, On Sat, Dec 12, 2015 at 4:47 PM, Jonathan K. Bullard <jkbull...@gmail.com> wrote:
> > My tentative plan is to allow users to update without authorization > any files that are the "targets" of the following options: > I suppose, not just adding but also removing options will be allowed. There could be more options that are ok (i.e not unsafe) to remove but not change. > --askpass > --auth-user-pass > --ca > --cert > --dh > --extra-certs > --key > --pkcs1 > --static > --ta > --tls-auth --ta ? As remote cant change, several more options may be safe, though note necessarily very useful. Here are a couple of options that could help when the server is updated, for example --topology t (mainly to remove from client so that a new setting at the server can take effect through push -- say moving from net30 to subnet) --comp-lzo --secret (for non-tls) --auth --cipher Selva
