Date: Thu, 16 Feb 2023 04:53:43 +0000 From: Colin Percival <cperciva@tarsnap.com> To: freebsd-arch@freebsd.org Subject: RFC: Removing WITHOUT_CAPSICUM and WITHOUT_CASPER from 14.x Message-ID: <01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@email.amazonses.com>
next in thread | raw e-mail | index | archive | help
Hi FreeBSD architects,
I'd like to remove WITHOUT_CAPSICUM and WITHOUT_CASPER for FreeBSD 14.x.
The rationale for this is threefold:
1. They doesn't serve any useful purpose and merely weakens security;
2. They're an anomaly among WITH/WITHOUT options -- most WITHOUT_* options
take the form "don't build/install <components>" rather than having
effects across the entire tree.
3. They're a pain for release engineering, because approximately nobody ever
tests FreeBSD with WITHOUT_CAPSICUM or WITHOUT_CASPER set, but they're the
sort of option which can easily break the build due to having affects all
over the tree.
If nobody objects, my plan is to get rid of the WITHOUT_ build options first
and leave MK_{CAPSICUM,CASPER} set unconditionally to "yes"; then sweep the
tree (mostly a matter of running unifdef) after 14.x is branched.
--
Colin Percival
FreeBSD Deputy Release Engineer & EC2 platform maintainer
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000>