From owner-cvs-all@FreeBSD.ORG Thu Apr 26 13:41:57 2007 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 579C416A408 for ; Thu, 26 Apr 2007 13:41:57 +0000 (UTC) (envelope-from ups@freebsd.org) Received: from smtpauth14.prod.mesa1.secureserver.net (smtpauth14.prod.mesa1.secureserver.net [64.202.165.39]) by mx1.freebsd.org (Postfix) with SMTP id 1C9B913C4BC for ; Thu, 26 Apr 2007 13:41:56 +0000 (UTC) (envelope-from ups@freebsd.org) Received: (qmail 2669 invoked from network); 26 Apr 2007 13:41:56 -0000 Received: from unknown (66.23.216.53) by smtpauth14.prod.mesa1.secureserver.net (64.202.165.39) with ESMTP; 26 Apr 2007 13:41:56 -0000 Message-ID: <4630AC27.6080408@freebsd.org> Date: Thu, 26 Apr 2007 09:41:59 -0400 From: Stephan Uphoff User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221) MIME-Version: 1.0 To: Yar Tikhiy References: <200704211417.l3LEHUKK078832@repoman.freebsd.org> <462A27CD.5090006@freebsd.org> <1177170852.32761.0.camel@localhost> <20070424091858.GA31094@comp.chem.msu.su> <462FA0BC.8020207@freebsd.org> <20070426054228.GA53614@comp.chem.msu.su> <463049C6.9080100@samsco.org> <20070426082958.GC53614@comp.chem.msu.su> <4630659E.9040300@samsco.org> <20070426092021.GD53614@comp.chem.msu.su> In-Reply-To: <20070426092021.GD53614@comp.chem.msu.su> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Scott Long , src-committers@FreeBSD.org, Andre Oppermann , cvs-src@FreeBSD.org, cvs-all@FreeBSD.org, Coleman Kane Subject: Re: cvs commit: src/sys/amd64/amd64 pmap.c src/sys/i386/i386 pmap.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2007 13:41:57 -0000 Yar Tikhiy wrote: > On Thu, Apr 26, 2007 at 02:41:02AM -0600, Scott Long wrote: > >> Yar Tikhiy wrote: >> >>> On Thu, Apr 26, 2007 at 12:42:14AM -0600, Scott Long wrote: >>> >>>> Yar Tikhiy wrote: >>>> >>>>> On Wed, Apr 25, 2007 at 02:41:00PM -0400, Stephan Uphoff wrote: >>>>> >>>>>> Yar Tikhiy wrote: >>>>>> >>>>>>> On Sat, Apr 21, 2007 at 09:54:12AM -0600, Coleman Kane wrote: >>>>>>> >>>>>>> >>>>>>>> On Sat, 2007-04-21 at 17:03 +0200, Andre Oppermann wrote: >>>>>>>> >>>>>>>> >>>>>>>>> Stephan Uphoff wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>>> ups 2007-04-21 14:17:30 UTC >>>>>>>>>> >>>>>>>>>> FreeBSD src repository >>>>>>>>>> >>>>>>>>>> Modified files: >>>>>>>>>> sys/amd64/amd64 pmap.c >>>>>>>>>> sys/i386/i386 pmap.c >>>>>>>>>> Log: >>>>>>>>>> Modify TLB invalidation handling. >>>>>>>>>> >>>>>>>>>> Reviewed by: alc@, peter@ >>>>>>>>>> MFC after: 1 week >>>>>>>>>> >>>>>>>>>> >>>>>>>>> Could you be a bit more verbose what changed here and why it >>>>>>>>> was done? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> I agree. I would really like to know what the modification >>>>>>>> accomplishes. >>>>>>>> >>>>>>>> >>>>>>> Alas, we don't live in an ideal world. If we did, our commit >>>>>>> messages would always follow the well-known guideline: >>>>>>> >>>>>>> 0. Tell the essence of the change. >>>>>>> 1. Give the reason for the change. >>>>>>> 2. Explain the change unless it's trivial. >>>>>>> >>>>>>> >>>>>>> >>>>>> In the ideal world there are no NDAs :-) >>>>>> >>>>> Was the change based on a document under NDA? Then this case raises >>>>> an interesting question: to what extent an open source developer >>>>> is allowed to explain his code that was based on a document under >>>>> NDA? Of course, it should depend on the NDA, but I suspect that a >>>>> typical NDA requires a lawyer to interpret it unambiguously (I've >>>>> never signed one by myself), and an overcautious lawyer would say >>>>> that the open source code itself violates the NDA because anybody >>>>> can RTFS. :-) >>>>> >>>>> >>>> Wow, that was painful to read. NDAs that specifically allow source >>>> code licensing and distribution are quite common. They even get written >>>> and reviewed by lawyers! =-) >>>> >>> It's a good news! But what about explaining the code to the public? >>> >>> - Mr. Developer, why does it take an ugly hack to make the device work? >>> - Can't tell ya, I'm under NDA. >>> >>> >> I think you have to respect that John and Stephan were doing the right >> thing with this. This was no different than a security fix that gets >> committed before the vulnerability is disclosed. No one seems to get >> upset that the security team operates this way. >> > > John and Stephan are doing a great job in any case, but I fail to > understand your point. I can't see how the two cases can be the > same. A fixed vulnerability is no more a threat to security, but > NDA doesn't get cancelled upon the commit. So I was curious about > how much knowledge a developer is legally allowed to relay to the > community besides the code itself if he is tied by NDA. > > In this specific case the vendor was really helpful and just wanted to give us a chance to fix the code before publishing the documentation that described why it was needed. The vendor worked with me to get the fix in the tree before the document publication date and as such there was no problem with the NDA. Yesterday the vendor published the documentation and as planned I could then comment on why the changes were needed. In general I agree that source code written with documents under NDAs can not be fully understood/verified without access to these documents and as such does not fully benefit from the automatic open source review process. And I am really happy that now that the relevant document is published everyone can review my changes. Stephan