From owner-freebsd-current@freebsd.org Tue May 28 22:01:10 2019 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 174A515ADB25 for ; Tue, 28 May 2019 22:01:10 +0000 (UTC) (envelope-from delphij@gmail.com) Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0CDF76D42E for ; Tue, 28 May 2019 22:01:09 +0000 (UTC) (envelope-from delphij@gmail.com) Received: by mail-io1-xd41.google.com with SMTP id f22so25829iol.11 for ; Tue, 28 May 2019 15:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ffAIOE7PQi3vQQnsptErGq6e3d2sr/g8zvtFuS+L8aM=; b=jqG0cGTUE3O9y6HZ1adqbtM2Zg0i3mAKG1/D4WWP5KYBvGRxA9B9Qjtw52oJbAf7u5 0Ib4gSxHDvI9zDh5o1LS4rVDiILkZuUrLnoDl/S/Zi2MtDXahaD5anN29ePEgKttURVo 5XI0iCVp/cgH8NY0GaVCMUVtbAQf5+lVr4i3Ka8lxMHje7idAqUObx/3lUnl3PeH+BtJ mQpQLgHHXsJyKfuZnX+kBuLIRX9WFVOts9VEYsNYYr0wGVe8yc30LoANtOWwvNwttVfu e0b/P++fR+hj0m9AZSGMvsTIT/7Zt95meF3RviAhHFdShfWznRF+jKC6xfbfXBCqOpjk p6TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ffAIOE7PQi3vQQnsptErGq6e3d2sr/g8zvtFuS+L8aM=; b=HlGl+kVestFKF4inOg+1mtff3JdDmQ2thNKvR2rnYU59azC40vEiIL5UtXse9sItzu idNijpV8pCUjMT12590MghtGTt8lx7roJfdznWlZLhFi14VOoZgjomgZyIAcLXiYOuGq vsLGd70mHeUZWW9aqRNHNzlXhaQ5Vje4ADSDgetNZc/+CqnL/i5NkDFl9a6wuI8Lw3ih HaXe5dZN75jbYeMelhf9FrB8eXJgartprmmmkUzWp4ZyHOc8WoMwHIdlGIM3ziU0j34U SKriehYGIqzoPmqZHM1JVqujGzwdtsx/LRUdoX5vcqvOCJlFJKOia8NzRQa3zk54atM/ ngxg== X-Gm-Message-State: APjAAAW4uF+86hJDyts0rCdLwiMO9RazUgOafQEd2p5KbSdYlFPl3pLR 67m6zygWnnTOp3Aq02YohkV+9rT+SpnEoDfWnsSuLA== X-Google-Smtp-Source: APXvYqzwt16YXYtFLy0WIvlrNxo80PsTpYuTOXaomIBC6up2aVhPbs76hiXbjQmQEuuxkIDOoAEWJDo5srxA0o1Yqxo= X-Received: by 2002:a5d:9352:: with SMTP id i18mr16310762ioo.177.1559080867805; Tue, 28 May 2019 15:01:07 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Xin LI Date: Tue, 28 May 2019 15:00:54 -0700 Message-ID: Subject: Re: Disabling COMPAT_FREEBSD4/5/6/7/9 as a default kernel option To: voidanix@420blaze.it Cc: FreeBSD Current X-Rspamd-Queue-Id: 0CDF76D42E X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=jqG0cGTU; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of delphij@gmail.com designates 2607:f8b0:4864:20::d41 as permitted sender) smtp.mailfrom=delphij@gmail.com X-Spamd-Result: default: False [-4.26 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.38)[-0.380,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[1.4.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-0.87)[ip: (1.29), ipnet: 2607:f8b0::/32(-3.30), asn: 15169(-2.29), country: US(-0.06)]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 May 2019 22:01:10 -0000 On Mon, May 27, 2019 at 7:08 AM wrote: > Hello, > I wanted to discuss about bug 231768 a bit: it is about keeping > COMPAT_FREEBSD4/5/6/7/9 on by default in the kernel configs. > > The patch attached for the bug is for disabling these options by > default, following a few reasons which I'm going to list here: > - Keeping support for deprecated libraries isn't exactly the best we > could do to avoid security issues (if there are any) as I'm sure nobody > wants to spend that much time maintaining such stuff (it's enough to > think about misc/compat4x in the ports tree: that version of FreeBSD was > released on March 2000 and keeping 19 years old libraries around isn't > ideal) > To accomplish this goal, a prerequisite would be to remove libc.a (possibly also libthr.a as well as anything that makes a direct system call). I'd rather see that happen first. > - Devs should get track of time and realize that developing software > using unsupported libraries is NOT something that you should do > - Only a tiny fraction of the ports need COMPAT_FREEBSD9 or older: > if the software won't compile without the legacy components (and has a > replacement of some kind), considering removal wouldn't be a bad idea > - This is on by default: most users don't care or don't use binaries > that old > > I don't see any practical reason to keep these options on by default, > but I do appreciate any sort of input regarding this issue. > Because users would find a way (e.g. by not upgrading) which further undermines their security? I know quite some Windows users would disable Windows Update for the exact same reason, if you break backward compatibility, your credibility is broken and it is much harder to regain the trust. Cheers,