From owner-freebsd-stable  Sun Jan 27 16:22:13 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from swan.prod.itd.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123])
	by hub.freebsd.org (Postfix) with ESMTP id 8348537B400
	for <stable@freebsd.org>; Sun, 27 Jan 2002 16:22:11 -0800 (PST)
Received: from dialup-209.245.129.180.dial1.sanjose1.level3.net ([209.245.129.180] helo=blossom.cjclark.org)
	by swan.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16UzYM-0003xQ-00; Sun, 27 Jan 2002 16:22:00 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id g0S0K0127236;
	Sun, 27 Jan 2002 16:20:00 -0800 (PST)
	(envelope-from cjc)
Date: Sun, 27 Jan 2002 16:19:51 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: "M. Warner Losh" <imp@village.org>
Cc: jacks@sage-american.com, nate@yogotech.com, stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
Message-ID: <20020127161951.A27080@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20020127014848.F23259@blossom.cjclark.org> <20020127.052626.107682843.imp@village.org> <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com> <20020127.102748.70374201.imp@village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020127.102748.70374201.imp@village.org>; from imp@village.org on Sun, Jan 27, 2002 at 10:27:48AM -0700
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Sun, Jan 27, 2002 at 10:27:48AM -0700, M. Warner Losh wrote:
[snip]

> Right now what I have works.  You are changing the semantics of a
> security related feature of the system in such a way that after this
> change what I have will not work.  I agree that your work around will
> allow me to easily correct things.  However, if I fail to do so, I
> open my firewall up completely.  To me, that's an unacceptible change
> in the API.

I agree that changing this in -STABLE may be too much of a disruption
in the API. It may be too late. That's why I think this discussion
has been necessary.

However, changing the behavior in -CURRENT... That's a whole different
issue (but not really a topic for this list).
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message