Use of inotify and possibly other mechanisms poses portability risks.
Notably, "cross-platform" abstractions such as fsnotify library remove
access to certain features that are important to use it correctly in
some cases e.g. it is preferable to listen only for IN_CLOSE_WRITE on
Linux instead of IN_MODIFY to prevent races and unexpected failures.
Pooling approach avoids such problems by either running reload code at a
different time than actual renewal or retrying later if parse fails.
With certificates being renewed before expiry (e.g. 1 week before) delay
is not a signficiant problem.
Closes#160.
DANE is complex and requires its own (potentially lengthy) tutorial on
how to configure it properly. MTA-STS, on the other hand, is designed to
be simple to deploy so recommend to configure it in the Setting up
tutorial.
In some cases, such usage may be desired but it is not supported by the
default maddy configuration for security reasons.
This page replaces examples/remote-aliases.conf example as it provides a
much more detailed explanation.
