From owner-cvs-src@FreeBSD.ORG Thu Apr 26 09:14:33 2007 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C393716A400; Thu, 26 Apr 2007 09:14:33 +0000 (UTC) (envelope-from trhodes@FreeBSD.org) Received: from pittgoth.com (pittgoth.com [205.134.163.206]) by mx1.freebsd.org (Postfix) with ESMTP id 81A4813C459; Thu, 26 Apr 2007 09:14:33 +0000 (UTC) (envelope-from trhodes@FreeBSD.org) Received: from localhost (net-ix.gw.ai.net [205.134.160.6]) (authenticated bits=0) by pittgoth.com (8.13.6/8.13.6) with ESMTP id l3Q9EpN0070103 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 26 Apr 2007 05:14:51 -0400 (EDT) (envelope-from trhodes@FreeBSD.org) Date: Thu, 26 Apr 2007 05:14:19 -0400 From: Tom Rhodes To: Colin Percival Message-Id: <20070426051419.7ce08353.trhodes@FreeBSD.org> In-Reply-To: <46306C6D.4080301@freebsd.org> References: <200704211417.l3LEHUKK078832@repoman.freebsd.org> <462A27CD.5090006@freebsd.org> <1177170852.32761.0.camel@localhost> <20070424091858.GA31094@comp.chem.msu.su> <462FA0BC.8020207@freebsd.org> <20070426054228.GA53614@comp.chem.msu.su> <463049C6.9080100@samsco.org> <20070426082958.GC53614@comp.chem.msu.su> <4630659E.9040300@samsco.org> <46306C6D.4080301@freebsd.org> Organization: The FreeBSD Project X-Mailer: Sylpheed version 1.0.6 (GTK+ 1.2.10; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: yar@comp.chem.msu.su, scottl@samsco.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org Subject: Re: cvs commit: src/sys/amd64/amd64 pmap.c src/sys/i386/i386 pmap.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2007 09:14:33 -0000 On Thu, 26 Apr 2007 02:10:05 -0700 Colin Percival wrote: > Scott Long wrote: > > Yar Tikhiy wrote: > >> [snip] > >> It's a good news! But what about explaining the code to the public? > >> > >> - Mr. Developer, why does it take an ugly hack to make the device work? > >> - Can't tell ya, I'm under NDA. > > > > I think you have to respect that John and Stephan were doing the right > > thing with this. This was no different than a security fix that gets > > committed before the vulnerability is disclosed. No one seems to get > > upset that the security team operates this way. > > I can only think of one recent case where a security fix was applied without > the vulnerability details becoming public within a matter of minutes (i.e., > as soon as we could get the advisory signed and uploaded), and that was due > to a desire to avoid upstaging my BSDCan talk about hyperthreading (and in > that case, all the details became available about 16 hours after patches were > committed). > > That said, I think we have to respect the fact that NDAs, while not ideal, > provide limited access to information which would otherwise be entirely > unavailable; and in such circumstances I think Yar's suggested response of > "Can't tell ya, I'm under NDA" would be perfectly acceptable. Oh, opinion time. My concern isn't with the NDA as long as a useful commit is made. I think we should be happy something is being put into cvs at all. -- Tom Rhodes