From: Warner Losh
Date: Thu, 21 Jun 2018 15:45:32 -0600
Subject: Re: svn commit: r335402 - head/sbin/veriexecctl
To: "Rodney W. Grimes"
Cc: Ian Lepore, "Conrad E. Meyer", Stephen Kiernan, Eitan Adler, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org

On Thu, Jun 21, 2018 at 3:10 PM, Rodney W. Grimes <freebsd@pdx.rh.cn85.dnsmgr.net> wrote:

> ...
>
> > > Hi,
> > >
> > > While the code is out of HEAD, it can be posted to a github branch (or
> > > a projects/ branch if you prefer SVN) for people to try.
> > >
> > > Best regards,
> > > Conrad
> > >
> >
> > Yeah, put it on a branch where it'll get ignored for another two years.
> >
> > If this code had been committed long ago, as it probably should have
> > been, then people would have been playing with it, and by the time I needed
> > it a few months ago there would have been all kinds of useful info in
> > mailing lists and blogs about how to set it up and what was good and
> > bad about it and so on. Iterative refinement would have been underway.
> >
> > Instead what I found was a bunch of patches and a big steep learning
> > curve with no existing information about using it in the real world.
> > With that info available, I/we ($work) would have been in a position to
> > quickly adopt it and begin contributing to the ongoing refinement.
> > Instead I had to conclude that product deadlines just didn't allow us
> > to even try to get it working from a standing start as first-adopters,
> > so we had to move in a different direction. Even though this is a
> > better solution than what we did, business practicalities will likely
> > prevent us from circling back and changing everything over to this
> > scheme in the future, so now we'll end up never contributing much to
> > this work.
> >
> > So, IMO, all this calling for things to be reverted isn't just
> > inappropriate, it's actively harmful. This is -current where
> > development happens and imperfection is expected. Hiding work in
> > patchsets and reviews and alternate branches and other shadowy places
> > because it's not perfect is just a way of ensuring it never gets any
> > better.
>
> I am with Ian on this one, we have far too much code sitting
> out of tree and rotting faster than anyone can maintain said
> code out of tree, meaning we are literally cutting our own
> development efforts off, not at just the foot but up closer
> to the hip.
>
> The veriexec code landed, it's in tree, fix it, polish it,
> cut out the ugly bits, but for sake of sanity do not
> wholesale revert it so it can generally rot some more.
>
> Officially this code is on the 12.0 target path, it needs
> to be in the tree sooner where many eyes can work on it.
>

I concur here. Let's give it until 12 to get sorted. If it's mostly sorted by then, we're good. If not we can have the discussion then. There's also some manifest signing stuff in the works that was recently approved to go in. Simon was talking about that. Maybe that will help fill the gaps?

Warner