From owner-freebsd-stable@FreeBSD.ORG Fri Nov 4 20:54:32 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4DA2316A41F for ; Fri, 4 Nov 2005 20:54:32 +0000 (GMT) (envelope-from freebsd@voidmain.net) Received: from colossus.nepinc.com (colossus.nepinc.com [66.207.129.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id EBC4D43D46 for ; Fri, 4 Nov 2005 20:54:28 +0000 (GMT) (envelope-from freebsd@voidmain.net) Received: from [192.168.97.170] (pgh.nepinc.com [66.207.129.50]) (authenticated bits=0) by colossus.nepinc.com (8.13.1/8.13.1) with ESMTP id jA4KstNt022078; Fri, 4 Nov 2005 15:54:56 -0500 (EST) (envelope-from freebsd@voidmain.net) Message-ID: <436BCA7B.6060700@voidmain.net> Date: Fri, 04 Nov 2005 15:54:19 -0500 From: Tom Grove User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051004) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Richard Bejtlich References: <120ef0530511041210s6d3dbee8pc2db36129b44be2c@mail.gmail.com> In-Reply-To: <120ef0530511041210s6d3dbee8pc2db36129b44be2c@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.0 required=4.0 tests=none autolearn=failed version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on colossus.nepinc.com X-Virus-Scanned: ClamAV 0.87/1162/Thu Nov 3 12:15:03 2005 on colossus.nepinc.com X-Virus-Status: Clean Cc: freebsd-stable@freebsd.org Subject: Re: Facilitating binary kernel upgrades X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd@voidmain.net List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Nov 2005 20:54:32 -0000 Richard Bejtlich wrote: >Hello all, > >I have become a fan of Colin Percival's freebsd-update, which allows >binary updates of the GENERIC kernel and unmodified userland. > >Binary kernel updates are not possible if I modify my kernel to >include support for IPSec or NAT, e.g. > >device crypto >options FAST_IPSEC >options IPFIREWALL >options IPDIVERT > >After speaking with Colin, he mentioned that IPSec, NAT, and disk >quotas (enabled via options QUOTA) are the three most popular kernel >changes that prevent people from running GENERIC and hence using >freebsd-update for binary kernel updates. > >Can anyone shed light on why those three features are not available in GENERIC? > >Thank you, > >Richard >http://www.taosecurity.com >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > > > > My guess is that just because those are the three most popular kernel changes that prevent people from running GENERIC doesn't mean that the majority of users implement these changes. -Tom