From owner-freebsd-current@FreeBSD.ORG Sat Apr 13 06:22:28 2013 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4D4EEE8F; Sat, 13 Apr 2013 06:22:28 +0000 (UTC) (envelope-from john@ixsystems.com) Received: from mail.iXsystems.com (newknight.ixsystems.com [206.40.55.70]) by mx1.freebsd.org (Postfix) with ESMTP id 3672E178; Sat, 13 Apr 2013 06:22:27 +0000 (UTC) Received: from localhost (mail.ixsystems.com [10.2.55.1]) by mail.iXsystems.com (Postfix) with ESMTP id D709762035; Fri, 12 Apr 2013 23:22:26 -0700 (PDT) Received: from mail.iXsystems.com ([10.2.55.1]) by localhost (mail.ixsystems.com [10.2.55.1]) (maiad, port 10024) with ESMTP id 13228-08; Fri, 12 Apr 2013 23:22:18 -0700 (PDT) Received: from thinkbsd.divinix.org (unknown [10.8.0.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.iXsystems.com (Postfix) with ESMTPSA id E1F3B6202F; Fri, 12 Apr 2013 23:22:17 -0700 (PDT) Date: Fri, 12 Apr 2013 23:22:16 -0700 From: John Hixson To: Scott Long Subject: Re: ipfilter(4) needs maintainer Message-ID: <20130413062215.GD38195@thinkbsd.divinix.org> References: <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Gleb Smirnoff , Rui Paulo , current@FreeBSD.org, net@FreeBSD.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Apr 2013 06:22:28 -0000 On Fri, Apr 12, 2013 at 11:31:09PM -0600, Scott Long wrote: > > On Apr 12, 2013, at 7:43 PM, Rui Paulo wrote: > > > On 2013/04/11, at 13:18, Gleb Smirnoff wrote: > > > >> Lack of maintainer in a near future would lead to bitrot due to changes > >> in other areas of network stack, kernel APIs, etc. This already happens, > >> many changes during 10.0-CURRENT cycle were only compile tested wrt > >> ipfilter. If we fail to find maintainer, then a correct decision would be > >> to remove ipfilter(4) from the base system before 10.0-RELEASE. > > > > This has been discussed in the past. Every time someone came up and said "I'm still using ipfilter!" and the idea to remove it dies with it. > > I've been saying we should remove it for 4 years now. Not only it's outdated but it also doesn't not fit well in the FreeBSD roadmap. Then there's the question of maintainability. We gave the author a commit bit so that he could maintain it. That doesn't happen anymore and it sounds like he has since moved away from FreeBSD. I cannot find any reason to burden another FreeBSD developer with maintaining ipfilter. > > > > One thing that FreeBSD is bad about (and this really applies to many open source projects) when deprecating something is that the developer and release engineering groups rarely provide adequate, if any, tools to help users transition and cope with the deprecation. The fear of deprecation can be largely overcome by giving these users a clear and comprehensive path forward. Just announcing "ipfilter is going away. EOM" is inadequate and leads to completely justified complaints from users. > > So with that said, would it be possible to write some tutorials on how to migrate an ipfilter installation to pf? Maybe some mechanical syntax docs accompanied by a few case studies? Is it possible for a script to automate some of the common mechanical changes? Also essential is a clear document on what goes away with ipfilter and what is gained with pf. Once those tools are written, I suggest announcing that ipfilter is available but deprecated/unsupported in FreeBSD 10, and will be removed from FreeBSD 11. Certain people will still pitch a fit about it departing, but if the tools are there to help the common users, you'll be successful in winning mindshare and general support. > ++