Date: Fri, 31 May 2019 16:47:21 -0600 From: Warner Losh <imp@bsdimp.com> To: John Baldwin <jhb@freebsd.org> Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: Re: svn commit: r348482 - stable/11/sys/netipsec Message-ID: <CANCZdfpaJSvpO-CGwrdxqJmO4tZ82pwKinQ4JSxtnofgBkR2Sg@mail.gmail.com> In-Reply-To: <15af7ff4-42c9-2020-4167-6e757317f38a@FreeBSD.org> References: <201905312026.x4VKQu3T051213@repo.freebsd.org> <15af7ff4-42c9-2020-4167-6e757317f38a@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 31, 2019 at 4:36 PM John Baldwin <jhb@freebsd.org> wrote: > On 5/31/19 1:26 PM, John Baldwin wrote: > > Author: jhb > > Date: Fri May 31 20:26:56 2019 > > New Revision: 348482 > > URL: https://svnweb.freebsd.org/changeset/base/348482 > > > > Log: > > MFC 348205: > > Add deprecation warnings for IPsec algorithms deprecated in RFC 8221. > > > > All of these algorithms are either explicitly marked MUST NOT, or they > > are implicitly MUST NOTs by virtue of not being included in IETF's > > list of protocols at all despite having assignments from IANA. > > > > Specifically, this adds warnings for the following ciphers: > > - des-cbc > > - blowfish-cbc > > - cast128-cbc > > - des-deriv > > - des-32iv > > - camellia-cbc > > > > Warnings for the following authentication algorithms are also added: > > - hmac-md5 > > - keyed-md5 > > - keyed-sha1 > > - hmac-ripemd160 > > > > Approved by: re (gjb) > > Sigh, so I just noticed while testing an MFC of another commit that adds > deprecation warnings (GELI) that these warnings don't actually fire in 11 > because gone_in(13, ...) only warns on 12.x and later: > > void > _gone_in(int major, const char *msg) > { > > gone_panic(major, P_OSREL_MAJOR(__FreeBSD_version), msg); > if (P_OSREL_MAJOR(__FreeBSD_version) >= major) > printf("Obsolete code will removed soon: %s\n", msg); > else if (P_OSREL_MAJOR(__FreeBSD_version) + 1 == major) > printf("Deprecated code (to be removed in FreeBSD %d): > %s\n", > major, msg); > } > > I guess we could make the later test unconditional on stable/11 (and > possibly > make that change on HEAD and MFC it)? I think I understand why we did that > originally (you could MFC warnings back to older branches without annoying > users to keep code in sync), but I wonder if in practice we don't want the > warnings always enabled? > "It seemed like a good idea at the time" I think is why we did it, but it turns out that it's not such a good idea. I agree: we should always warn in older branches because latter-day releases of those branches will be proximate to the removal time in major + 2. This is a perfect example of this. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfpaJSvpO-CGwrdxqJmO4tZ82pwKinQ4JSxtnofgBkR2Sg>