Date: Fri, 21 Feb 2003 16:57:12 +0000 From: Paul Richards <paul@freebsd-services.com> To: Mark Murray <mark@grondar.org> Cc: Dag-Erling Smorgrav <des@ofug.org>, "Jacques A. Vidrine" <nectar@FreeBSD.org>, "M. Warner Losh" <imp@bsdimp.com>, ru@FreeBSD.org, cjc@FreeBSD.org, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet in_pcb.c Message-ID: <20030221165712.GJ68768@survey.codeburst.net> In-Reply-To: <200302211530.h1LFUiPE034532@grimreaper.grondar.org> References: <20030221151709.GH68768@survey.codeburst.net> <200302211530.h1LFUiPE034532@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 21, 2003 at 03:30:44PM +0000, Mark Murray wrote: > Paul Richards writes: > > On Fri, Feb 21, 2003 at 03:42:42PM +0100, Dag-Erling Smorgrav wrote: > > > Paul Richards <paul@freebsd-services.com> writes: > > > > I think some features should be labelled as "experimental". This is a > > > > change that may have some benefit but may also be one that we wish > > > > hadn't happened and therefore it should be clear that this is a feature > > > > that's been implemented "to see how it goes" when deployed more widely. > > > > > > It is not a change. It is a new configuration knob which, if left > > > alone, changes absolutely nothing. > > > > Yes, but if a lot of people start changing this setting and FreeBSD gets > > a reputation for being insecure then we may wish we hadn't provided the > > knob. > > Oh, please. :-) > > # rm -rf / > > Has much greater foot-shooting potential, and its harder to disable than > upping your securelevel. Only if you're root and the effect would be immediate. If you use this new knob then your system could be impacted without you noticing and from anyone who has access to the box not just root. When features are added you need to consider how they *could* be used, even if they are optional and off by default e.g., if an application gets written that relies on this feature then anyone who installs it would switch this knob on, without necessarily being aware of the wider implications. Note that I wasn't opposing this change, I'm not demanding a backout or anything approaching that level of opposition, I can see definite benefits from having this knob. I was only suggesting that there should perhaps be a class of changes that are marked as "experimental" so people aren't surprised if that feature gets removed at a later date. If it turns out in 6-12 months time that a lot of people are getting caught out by this change then we might want to revert it, and marking it as an experimental feature makes people think more carefully about what they're doing. The same could be applied to a number of other changes of course. Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030221165712.GJ68768>