Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Apr 2013 23:31:09 -0600
From:      Scott Long <scottl@samsco.org>
To:        Rui Paulo <rpaulo@FreeBSD.org>, Gleb Smirnoff <glebius@FreeBSD.org>
Cc:        current@FreeBSD.org, net@FreeBSD.org
Subject:   Re: ipfilter(4) needs maintainer
Message-ID:  <E2F803DD-1F3A-430E-957F-7AB1904CDF42@samsco.org>
In-Reply-To: <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org>
References:  <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help

On Apr 12, 2013, at 7:43 PM, Rui Paulo <rpaulo@FreeBSD.org> wrote:

> On 2013/04/11, at 13:18, Gleb Smirnoff <glebius@FreeBSD.org> wrote:
>=20
>> Lack of maintainer in a near future would lead to bitrot due to =
changes
>> in other areas of network stack, kernel APIs, etc. This already =
happens,
>> many changes during 10.0-CURRENT cycle were only compile tested wrt
>> ipfilter. If we fail to find maintainer, then a correct decision =
would be
>> to remove ipfilter(4) from the base system before 10.0-RELEASE.
>=20
> This has been discussed in the past. Every time someone came up and =
said "I'm still using ipfilter!" and the idea to remove it dies with it.=20=

> I've been saying we should remove it for 4 years now. Not only it's =
outdated but it also doesn't not fit well in the FreeBSD roadmap. Then =
there's the question of maintainability. We gave the author a commit bit =
so that he could maintain it. That doesn't happen anymore and it sounds =
like he has since moved away from FreeBSD. I cannot find any reason to =
burden another FreeBSD developer with maintaining ipfilter.
>=20

One thing that FreeBSD is bad about (and this really applies to many =
open source projects) when deprecating something is that the developer =
and release engineering groups rarely provide adequate, if any, tools to =
help users transition and cope with the deprecation.  The fear of =
deprecation can be largely overcome by giving these users a clear and =
comprehensive path forward.  Just announcing "ipfilter is going away.  =
EOM" is inadequate and leads to completely justified complaints from =
users.

So with that said, would it be possible to write some tutorials on how =
to migrate an ipfilter installation to pf?  Maybe some mechanical syntax =
docs accompanied by a few case studies?  Is it possible for a script to =
automate some of the common mechanical changes?  Also essential is a =
clear document on what goes away with ipfilter and what is gained with =
pf.  Once those tools are written, I suggest announcing that ipfilter is =
available but deprecated/unsupported in FreeBSD 10, and will be removed =
from FreeBSD 11.  Certain people will still pitch a fit about it =
departing, but if the tools are there to help the common users, you'll =
be successful in winning mindshare and general support.

Scott




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E2F803DD-1F3A-430E-957F-7AB1904CDF42>