From nobody Sat Nov 5 04:56:14 2022 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N44w81ZWWz4gjL1 for ; Sat, 5 Nov 2022 04:56:40 +0000 (UTC) (envelope-from theron.tarigo@gmail.com) Received: from mail-vk1-xa30.google.com (mail-vk1-xa30.google.com [IPv6:2607:f8b0:4864:20::a30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N44w71mPVz3m5s for ; Sat, 5 Nov 2022 04:56:39 +0000 (UTC) (envelope-from theron.tarigo@gmail.com) Received: by mail-vk1-xa30.google.com with SMTP id i15so3614933vka.0 for ; Fri, 04 Nov 2022 21:56:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=OsunGp7/aB9DaFu+xaTwyo0NiAIV1+HfRdfqUWcW7AY=; b=mTW3oB39Wq20IDVDYEKwgoClkIp2aXO3vx1z9gwcLdftAajXKYprEzRB03AZN+0erD bniNlz/WvVfQ467FN4IYShOkRitZWnWFfOFgZkV/ZA2j7IQvCM7kFtlCLNHE8EbrZBom 4rjRxyKpdEqvbDQhsO8jS1oFQpJZaUdygGx+6gcoGBnBt7fdnZq4PcyGGA/qwrv0Hv+2 EI+3kiGNNleLDeYaxTeGrVvndHg/PEXIT4xcNZ11ujbM8oLUlYNihr8BzPNFzZDLrESg E73qhy2K9/Y1r5PBOabbHkuzWwThbFkzrAzAB4rufh0NfYAFXnOxX7cKLaAa+l3AfHXv vpeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OsunGp7/aB9DaFu+xaTwyo0NiAIV1+HfRdfqUWcW7AY=; b=J/K7mCd7lGYmkynoTUp+58LlkR94oDYvTeFx3BxOppt7kfVh8LPGpPl1kiG1SS6fjU dIRidpTDsOYwr4pdPVsZAx3SIJTAySJQDeZe5aDdxUkoxyagieSGyXPRidL5mCFsNGx+ 8C4E1bfGD7Jws5ctI3gjhM8jwsY0/5KYS0dqMoT6dpcwr17nwggE0NgOfd5OL0lqNqg9 RskGLCLKF+G+XpjC1EGVJV2/sb6xfR1aaHE9gOgxt5npOa+NMH05/+v+tskcti67KCS6 N16KkLAVQ0wI/6ZQdGIO/1h77v5ClxXEowPcNX5+dI/LY4XnwDFcTAcl3HRpiSy3yL76 H8YQ== X-Gm-Message-State: ACrzQf0WpQ7eKU0cElBy/ehbBYoYLSS7jcMGzx50hnrhCH4XYPkpraGz Pq/3FX0590pkrSjec9Ly0HQaBXwBj24= X-Google-Smtp-Source: AMsMyM7wEVUK/r30FaTpKzc2HRi/+OU9+A31rxxkbCXDNPrJQxxszTsHy3vTLfQRWuosljxxNB/0MA== X-Received: by 2002:a1f:280a:0:b0:3b7:82e4:f3a1 with SMTP id o10-20020a1f280a000000b003b782e4f3a1mr4946627vko.17.1667624197689; Fri, 04 Nov 2022 21:56:37 -0700 (PDT) Received: from [192.168.2.15] ([71.181.93.158]) by smtp.gmail.com with ESMTPSA id a17-20020a67eb11000000b003a7d2bec130sm154644vso.28.2022.11.04.21.56.36 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 04 Nov 2022 21:56:37 -0700 (PDT) Message-ID: <53d29778-ce06-22c6-40a8-5023443f976f@gmail.com> Date: Sat, 5 Nov 2022 00:56:14 -0400 List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:91.0) Gecko/20100101 Thunderbird/91.13.0 Subject: Re: What is the status of the FreeBSD development process now? Content-Language: en-US To: freebsd-hackers@freebsd.org References: From: Theron In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4N44w71mPVz3m5s X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=mTW3oB39; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of theron.tarigo@gmail.com designates 2607:f8b0:4864:20::a30 as permitted sender) smtp.mailfrom=theron.tarigo@gmail.com X-Spamd-Result: default: False [-1.39 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_SPAM_LONG(0.61)[0.607]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; ARC_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::a30:from]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; DKIM_TRACE(0.00)[gmail.com:+]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org] X-ThisMailContainsUnwantedMimeParts: N On 11/4/22 18:14, iio7@tutanota.com wrote: > It's great that things have improved, but without a clear set of rules, such that nothing > gets into the current branch from a committer that hasn't been reviewed by at least > another developer, the problem will just repeat itself. > All it takes is that when someone has made a commit, someone else has to look it through, > provide an "OK", and then it can get into current, without the "OK", it stays out of current. > > This is not a guarantee, but at least something like the wireguard problem, would most likely > be prevented in the future. It's not clear that you have any suggested solution for the "problem" as you have defined it.  The wireguard commit was signed off by an independent reviewer, for what that was worth.  It wasn't the exact version that was committed, but in largely the same problematic state.  Whether the committer could have committed something substantially different from the contents of the review thus circumventing the review process was not the problem in this case. Furthermore, the newly added module presented a vulnerability *when loaded*; this was not an introduction of a vulnerability in existing configurations of systems running current.  It's simply not reasonable to expect current to remain thoroughly stable and secure after blindly enabling newly landed features and to do so on a production system is highly irresponsible.  Review of current is ongoing from time of committed features to feature-freeze for the bugfix-only review period and eventual release.