From owner-freebsd-current@FreeBSD.ORG Thu Feb 2 00:49:16 2006 Return-Path: X-Original-To: current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 83E1216A420 for ; Thu, 2 Feb 2006 00:49:16 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 202D543D45 for ; Thu, 2 Feb 2006 00:49:16 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 95D7346B4C; Wed, 1 Feb 2006 19:49:06 -0500 (EST) Date: Thu, 2 Feb 2006 00:51:13 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Kris Kennaway In-Reply-To: <20060202004044.GA99245@xor.obsecurity.org> Message-ID: <20060202004845.C87763@fledge.watson.org> References: <20060201221213.L87763@fledge.watson.org> <43E134AB.8000600@t-hosting.hu> <20060201222704.G87763@fledge.watson.org> <43E14C53.3060400@rogers.com> <20060202004044.GA99245@xor.obsecurity.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Mike Jakubik , K?vesd?n G?bor , current@FreeBSD.org, trustedbsd-audit@TrustedBSD.org Subject: Re: HEADS UP: Audit integration into CVS in progress, some tree disruption X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Feb 2006 00:49:16 -0000 On Wed, 1 Feb 2006, Kris Kennaway wrote: >> Personally, i would like to see less "experimental" code in 6.1. Perhaps it >> would be better to wait until everyone feels the code is ready? > > Why do you care if code that is not enabled by default is present in the > system? :-) Well, I think there are some potential risks. The main ones are: (1) That the unconditionally compiled bits cause problems. Primarily this is the audit support in login, sshd, etc. Apple has been running with basically the same code for a couple of years now, but there is always risk in change. (2) Risk to users who do try the experimental support and run into bugs, or run into things that we will change for a 6.2 release as we fix problems. The first set is happily quite a small set; the second set of potential problems is something that we'll need to think about and manage carefully. We're not yet committed to audit3 in RELENG_6_2, in the sense that there's a long way to go and nothing is in that tree yet. It would be quite desirable though, if we can pull it all together. In a week or so, we'll have a much better idea of how things look. Maybe we can get you to run audit on the ports build cluster. :-) Robert N M Watson