Does postal still use outdated rails?
That's the biggest issue I have with this project as a exposed web service and mail server is for me high risk especially with outdated software.
As Linux moves faster than windows I disagree.
Systemd, wayland and flatpak resetting my skills in this areas completely windows 11 is still more or less the same.
Additional the UI behavior also more often changed than windows e.g gnome 2 to newer versions many core apps are more minimal/less functions and yes I just can fork and use the old behavior as open source but then my pc is more about fixing issues like under windows.
High churn stuff in the Linux world is take-it-or-leave-it. You can go without and still end up aquiring skills that you use 20 years from now.
I haven't used Linux as a desktop since well before Systemd days. When I picked it up a few weeks ago (for a desktop), I had no trouble applying the troubleshooting skills I acquired 20 years ago to fix issues. In contrast, I had to drive someone's Windows laptop a while ago and I didn't know what I was looking at, never mind fixing anything.
> If bad actors can create valid tls certs they can solve the dnssec problem.
I think you have it backwards: by not running DNSSEC it can mean bad actors (at least a certain level) can MITM the DNS queries that are used to validate ACME certs.
It is now mandated that public CAs have to verify DNSSEC before issuing a cert:
If you mean MITM between DNS Server and CA (e.g. letsencrypt), thats on a level of BGP hacking (means for me government involved) and means they can just use a CA (e.g. Fina CA 2025 with cloudflare).
I think the risk didn't change much (except for big corp/bank).
reply