Date: Wed, 17 Mar 2021 13:53:28 +0100 From: Gordon Bergling <gbe@freebsd.org> To: Kyle Evans <kevans@freebsd.org> Cc: freebsd-arch@freebsd.org, FreeBSD Hackers <freebsd-hackers@freebsd.org>, WireGuard mailing list <wireguard@lists.zx2c4.com> Subject: Re: Removing WireGuard Support From FreeBSD Base Message-ID: <YFH7yIJ9OImHUwYO@lion.0xfce3.net> In-Reply-To: <CACNAnaHR9Li0wPOjmwRk7jG76-AESoTt0QrrG_UVTrev38N=bQ@mail.gmail.com> References: <CACNAnaHR9Li0wPOjmwRk7jG76-AESoTt0QrrG_UVTrev38N=bQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--RTChV5aF75eiVAKG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I am not sure, if the removal is a great idea, a removal from releng/13 and stable/13 - possibly yes, but from main? This is still -CURRENT and -CURRENT should be central place for development, even if we have phabricator for review. If the complete backout is happening, please don't forget the manual page. I have spend a lot of time on it, while OpenBSD made a good template. --Gordon On Tue, Mar 16, 2021 at 11:48:56AM -0500, Kyle Evans wrote: > Hi, >=20 > You may have recently noticed some chatter around the internet about > FreeBSD's in-kernel WireGuard implementation, and the work we've done > on it in the last week. You may have also noticed additional chatter > afterwards with regards to the original implementation. I'd like to give > some context and information with regards to the current situation, as > well as provide some insight into the future as one of the developers > involved. >=20 > With regard to the original implementation, this will be my only > commentary on the matter. I'm a developer, and I'm passionate > about the work that I do- often to a fault. I've said some things that > I regret; the accusations that Scott Long alluded to in an e-mail on Free= BSD > mailing lists were indeed made by me, and his phrasing of what I > said was much kinder than it could have been. These were mistakes, > and I'm going to own that. However, my personal belief is that neither > Netgate, pfSense, nor the original developer deserved the level of > scorn and criticism that they've received in the past days from both the > press and the community at large. >=20 > In the next day or so, I will be committing a removal of all WireGuard > related bits from our 'main' branch, including the work that I recently > committed. It will be followed up by a removal of the implementation > from stable/13, and we will seek appropriate approval to remove it > from releng/13.0 as well. Please, do not be concerned by any of this; > this is being done with mutual support from all parties. >=20 > Did the original implementation have issues? Yes, it did. Are we > certain that our new version -doesn't- have issues? I believe it > doesn't, but it hasn't been through thorough enough review. We hacked > on this for a week, and we all reviewed each others' work in the > process. The problem is that this work, in particular, is a driver with f= airly > severe security implications. Review by "three developers working > and beating on it" is not the higher bar that we should be > holding this to. While I believed I was doing what's right for the > community, it's become clear that what's right for the community is > to take a step back and do this the right way. >=20 > Note that we're not dropping this effort. We will continue iterating > on this out-of-tree, and we will go through the proper review > channels. Folks will be unhappy in the interim because we're removing > it right now, but in the end we will have a better FreeBSD because of > it. There will be a kernel module available in ports at some point, > but not before it's ready. >=20 > Moving forward, myself, members of Netgate, and members of the larger > community *are* working together on strictly technical details. I urge > anyone with an interest in reviewing the driver to also get in touch with= me. > Please, let's move forward as a community on this. >=20 > Thank you, >=20 > Kyle Evans > _______________________________________________ > freebsd-arch@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" --=20 --RTChV5aF75eiVAKG Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEYbWI0KY5X7yH/Fy4OQX2V8rP09wFAmBR+8hfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYx QjU4OEQwQTYzOTVGQkM4N0ZDNUNCODM5MDVGNjU3Q0FDRkQzREMACgkQOQX2V8rP 09zmrQgAnsfgJ6vHWxHkAKQMmjsBu+/D0Zn9h3riJZmY79pC53/kEcfFIm4n45Gv XDvbP5b4wrNSKYtLBJJuskJXY0OPHlNxDESoduEN2FIUy1ffxTj7eQKdP9FtdPj4 PRMtAcF/95IfGc/wUNRQcOsMW5LZq1md0uLqBM6YqKYCIILPfvBFxtOPUMsifWNK hdfK8pHu0qUwAZUKLtKKF86SA67a/L874n2roKZazzNFzT0rqVNIxdr1T5qAtpk3 GkXaVDEVF25wo8IX4jIRvCXs6tjHqw9KdWc4bxX6WmsB0eelaJuuok4j4KN+oEkE cz+huqPlxvOOWm+QOO4DKRrwAOwxWQ== =2JqR -----END PGP SIGNATURE----- --RTChV5aF75eiVAKG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YFH7yIJ9OImHUwYO>