From owner-freebsd-current@FreeBSD.ORG Thu Feb 2 09:03:04 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E57516A420; Thu, 2 Feb 2006 09:03:04 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from mail25.syd.optusnet.com.au (mail25.syd.optusnet.com.au [211.29.133.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id A356643D48; Thu, 2 Feb 2006 09:03:03 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-19-236.belrs4.nsw.optusnet.com.au [220.239.19.236]) by mail25.syd.optusnet.com.au (8.12.11/8.12.11) with ESMTP id k1292wQG000700 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 2 Feb 2006 20:02:58 +1100 Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.13.4/8.13.4) with ESMTP id k1292vbh003686; Thu, 2 Feb 2006 20:02:57 +1100 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.13.4/8.13.4/Submit) id k1292uck003685; Thu, 2 Feb 2006 20:02:56 +1100 (EST) (envelope-from peter) Date: Thu, 2 Feb 2006 20:02:56 +1100 From: Peter Jeremy To: Mike Jakubik Message-ID: <20060202090256.GE921@turion.vk2pj.dyndns.org> References: <20060201221213.L87763@fledge.watson.org> <43E134AB.8000600@t-hosting.hu> <20060201222704.G87763@fledge.watson.org> <43E14C53.3060400@rogers.com> <20060202004044.GA99245@xor.obsecurity.org> <43E1586E.6090203@rogers.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <43E1586E.6090203@rogers.com> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.11 Cc: trustedbsd-audit@TrustedBSD.org, Robert Watson , current@freebsd.org Subject: Re: HEADS UP: Audit integration into CVS in progress, some tree disruption X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Feb 2006 09:03:04 -0000 On Wed, 2006-Feb-01 19:55:10 -0500, Mike Jakubik wrote: >Well... While you, me, and other viewers of this list may be fully aware >of the situation, some else who is either new to FreeBSD or missed out >on this info may try it and possibly be disappointed. Which would ruin >their experience and/or opinion of FreeBSD in general. I guess if it >does make it in, it would be a good idea to clearly notify the user that >it is still experimental, etc.. IMHO, once the API/ABI is stable, there is no reason why it can't be MFC'd as long as someone is willing to to do the work (including maintenance). The advantages are that the code is available to a larger group of users and therefore will (hopefully) get more testing. The more testing it gets, the sooner the "experimental" tag can be removed. The users for whom the audit framework is important will mostly not want to run bleeding edge code and so getting audit into -STABLE (and production quality) is important to this group. Keep in mind that FreeBSD has shipped for years with utilities and kernel options that have "use at your own risk" warnings all over them. Looking at RELENG_4 LINT (the oldest I have readily to hand): # NOTE 1: The options, CPU_BTB_EN, CPU_LOOP_EN, CPU_IORT, # CPU_LOOP_EN and CPU_RSTK_EN should not be used because of CPU bugs. # These options may crash your system. ... # Protocol families: # Only the INET (Internet) family is officially supported in FreeBSD. # Source code for the NS (Xerox Network Service) is provided for amusement # value. ... # Experimental IPsec implementation that uses the kernel crypto # framework. ... # NB: The NULL, PORTAL, UMAP and UNION filesystems are known to be # buggy, and WILL panic your system if you attempt to do anything with # them. They are included here as an incentive for some enterprising # soul to sit down and fix them. ... # apm: Laptop Advanced Power Management (experimental) ... # Note that this ACPI support is experimental and it's use may result in # machine hangs or kernel panics. ... # ihfc driver for Cologne Chip ISA chipsets (experimental!) -- Peter Jeremy