At best I think this is a feature request, and one we would almost certainly not backport to existing stable releases because it would imply a definite behavior change. As such we should make this public (not even public security) and tag it as a security hardening measure as well as possibly an existing but perhaps not well known behavior which the OSSG may want to cover in future updates to the security manual or a security note.
Adding OSSG core security reviewers for additional input.
I don't think this is something the VMT could issue an advisory about. Does anyone object?
At best I think this is a feature request, and one we would almost certainly not backport to existing stable releases because it would imply a definite behavior change. As such we should make this public (not even public security) and tag it as a security hardening measure as well as possibly an existing but perhaps not well known behavior which the OSSG may want to cover in future updates to the security manual or a security note.
Adding OSSG core security reviewers for additional input.
I don't think this is something the VMT could issue an advisory about. Does anyone object?