From nobody Thu Feb 16 04:53:43 2023 X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PHMzF4x9Hz3s4bl for ; Thu, 16 Feb 2023 04:53:45 +0000 (UTC) (envelope-from 01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@amazonses.com) Received: from a8-60.smtp-out.amazonses.com (a8-60.smtp-out.amazonses.com [54.240.8.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PHMzD0k2Tz4T2J for ; Thu, 16 Feb 2023 04:53:44 +0000 (UTC) (envelope-from 01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@amazonses.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn header.b=KMqjSXcw; dkim=pass header.d=amazonses.com header.s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw header.b=Kt3W9DzZ; spf=pass (mx1.freebsd.org: domain of 01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@amazonses.com designates 54.240.8.60 as permitted sender) smtp.mailfrom=01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@amazonses.com; dmarc=pass (policy=none) header.from=tarsnap.com DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn; d=tarsnap.com; t=1676523223; h=Message-ID:Date:MIME-Version:To:From:Subject:Content-Type:Content-Transfer-Encoding; bh=MG39D5Q7qIvfEu54/DROTErSNqQJihCd/lGyQjBZW5Y=; b=KMqjSXcws6zCDewuR6C3bxmdae4Xv1D2fF1POWMHK132hK3oXpIMcB/B4KtOv0uc HA6IY9/0pS/6X5m5opVMswjjOiECBqWwKcIHrhS22rPee5r/RPXgqMyH99R78kycA4K 5bvhAyC3b4h1M+ZcAnLwudEc9+2PaeZLGPAXWLxc= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1676523223; h=Message-ID:Date:MIME-Version:To:From:Subject:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=MG39D5Q7qIvfEu54/DROTErSNqQJihCd/lGyQjBZW5Y=; b=Kt3W9DzZxtyr7N95mIC/nFfaKhKR8x7lsN7n6VJcrkGTC4HimLty820vbWOyL2RI PrqJ92oK3vh/yB8zkApz6dLuOrFqALHFO6u+iPEH+PmhJFaP/Ic1NcfOuO3rZ/V9jRj v8CqcS14Z1rmjR1qWFaQTRgMv0flCAXYI8GpDoSg= Message-ID: <01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@email.amazonses.com> Date: Thu, 16 Feb 2023 04:53:43 +0000 List-Id: Discussion related to FreeBSD architecture List-Archive: https://lists.freebsd.org/archives/freebsd-arch List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arch@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 Content-Language: en-US To: freebsd-arch@freebsd.org From: Colin Percival Subject: RFC: Removing WITHOUT_CAPSICUM and WITHOUT_CASPER from 14.x Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-SES-Outgoing: 2023.02.16-54.240.8.60 X-Spamd-Result: default: False [-1.02 / 15.00]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.998]; NEURAL_HAM_MEDIUM(-0.83)[-0.826]; DMARC_POLICY_ALLOW(-0.50)[tarsnap.com,none]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@amazonses.com]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn,amazonses.com:s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw]; MIME_GOOD(-0.10)[text/plain]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; MIME_TRACE(0.00)[0:+]; MLMMJ_DEST(0.00)[freebsd-arch@freebsd.org]; RCVD_COUNT_ZERO(0.00)[0]; RWL_MAILSPIKE_POSSIBLE(0.00)[54.240.8.60:from]; ARC_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com,01000186589237d9-6c480554-3d01-405a-9f7a-81e96ae2a395-000000@amazonses.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[54.240.8.60:from]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_NONE(0.00)[amazonses.com:dkim] X-Rspamd-Queue-Id: 4PHMzD0k2Tz4T2J X-Spamd-Bar: - X-ThisMailContainsUnwantedMimeParts: N Hi FreeBSD architects, I'd like to remove WITHOUT_CAPSICUM and WITHOUT_CASPER for FreeBSD 14.x. The rationale for this is threefold: 1. They doesn't serve any useful purpose and merely weakens security; 2. They're an anomaly among WITH/WITHOUT options -- most WITHOUT_* options take the form "don't build/install " rather than having effects across the entire tree. 3. They're a pain for release engineering, because approximately nobody ever tests FreeBSD with WITHOUT_CAPSICUM or WITHOUT_CASPER set, but they're the sort of option which can easily break the build due to having affects all over the tree. If nobody objects, my plan is to get rid of the WITHOUT_ build options first and leave MK_{CAPSICUM,CASPER} set unconditionally to "yes"; then sweep the tree (mostly a matter of running unifdef) after 14.x is branched. -- Colin Percival FreeBSD Deputy Release Engineer & EC2 platform maintainer Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid