Matt Kettler writes: > Justin Mason wrote: > > To be honest, I intended them as a whitelist ;) > > > > If a message never touched an untrusted host (ALL_TRUSTED), in > > a correctly-configured trust setup, is that not safe to whitelist? > > > > > Only if the trust-path auto-detector code works perfectly, for all > sites. Which is impossible.
Yep. But if it is conservative, and doesn't over-extend trust beyond the trusted nets any more, that would be safe enough I think... --j.
