For a 200kb task that runs once a day/week? I think you can just run this certbot stuff under a different user; people are probably just too 'lazy' to adapt this.
If you put all that into docker you can mitigate the privilege issue - you only need to chown the letsencrypt files as needed while copying them to the directories for the dovecot certificates.
On 23 January 2025 at 09:34, "Marc via dovecot" <dovecot@dovecot.org> wrote:
I have had 0 issues for 2-3 years. Besides, what can be the issues with some
shell scripting? Better than having some code running as root.
I guess you see issues here, because if you ask at letsencrypt who
you can sue if they issue a false certificate, why they are not hosting in Europe, why they run as root, you get blocked.
(...)
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
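
The copy-and-chown step mentioned in the first message could look like the sketch below. It is an added example, not code from the thread or from certbot or dovecot; the function name `deploy_cert` and all directories, users and groups passed to it are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). deploy_cert and every path/ID passed
# to it are assumptions; adapt them to your own layout.
# Usage: deploy_cert SRC_DIR DST_DIR OWNER GROUP
# The body runs in a subshell so umask and exit do not leak to the caller.
deploy_cert() (
    src_dir=$1; dst_dir=$2; owner=$3; group=$4

    [ -d "$dst_dir" ] || { echo "no such directory: $dst_dir" >&2; exit 1; }
    for f in fullchain.pem privkey.pem; do
        # -s follows symlinks, so a dangling link or empty file is rejected
        [ -s "$src_dir/$f" ] || { echo "missing or empty: $src_dir/$f" >&2; exit 1; }
    done

    umask 077
    # install(1) copies file contents, so symlinked sources (certbot's live/
    # entries point into archive/) become regular files at the destination.
    # Mode and ownership are set on a temporary name before the rename,
    # so the key is never visible with looser permissions.
    install -m 0644 -o "$owner" -g "$group" \
        "$src_dir/fullchain.pem" "$dst_dir/fullchain.pem.new" || exit 1
    install -m 0600 -o "$owner" -g "$group" \
        "$src_dir/privkey.pem" "$dst_dir/privkey.pem.new" || exit 1

    # Rename within one directory: readers see the old or the new file,
    # never a partially written one.
    mv -f "$dst_dir/fullchain.pem.new" "$dst_dir/fullchain.pem" || exit 1
    mv -f "$dst_dir/privkey.pem.new" "$dst_dir/privkey.pem" || exit 1
)
```

Changing ownership to another account needs root (or CAP_CHOWN), so this copy step is the only part that has to run privileged; the renewal itself can stay under the unprivileged user.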