Date: Mon, 24 Oct 2016 03:58:14 +0000 (UTC)
From: Benjamin Kaduk <bjk@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r49562 - head/en_US.ISO8859-1/htdocs/news/status
Message-ID: <201610240358.u9O3wEpu019014@repo.freebsd.org>
Author: bjk Date: Mon Oct 24 03:58:13 2016 New Revision: 49562 URL: https://svnweb.freebsd.org/changeset/doc/49562 Log: Add core entry from matthew Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml Mon Oct 24 03:46:02 2016 (r49561) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2016-07-2016-09.xml Mon Oct 24 03:58:13 2016 (r49562) 
@@ -1242,4 +1242,120 @@ </body> </project> + + <project cat='team'> + <title>The &os; Core Team</title> + + <contact> + <person> + <name>&os; Core Team</name> + <email>core@FreeBSD.org</email> + </person> + </contact> + + <body> + <p>The third quarter started with the handover to the ninth Core + team as it took office. With four members returning from the + previous core (Baptiste Daroussin, Ed Maste, George Neville-Neil + and Hiroki Sato); one returning member after a term away (John + Baldwin) and four members new to core (Allan Jude, Kris Moore, + Benedict Reuschling and Benno Rice) the new core team represents + just about the ideal balance between experience and fresh + blood.</p> + + <p>Beyond handing over all of the ongoing business, reviewing + everything on Core's agenda and other routine changeover + activities, the first action of the new core was to respond to a + query from Craig Rodrigues concerning how hardware supplied to the + project through donations to the &os; Foundation was being + used.</p> + + <p>The Foundation does keep records of what hardware has been + supplied over time and has some idea of the original purpose that + hardware was provisioned for, but does not track the current usage + of the project's hardware assets. Cluster administration keep + their own configuration database, but this is not suitable for + general publication and covers much more than Foundation supplied + equipment. After some discussion it was decided that updated + information about the current disposition of Foundation supplied + equipment should be incorporated in the Foundation's annual + report.</p> + + <p>Ensuring that all of the &os; code base is supplied under open + and unencumbered licensing terms and that we do not infringe on + patent terms or otherwise act counter to any legal requirements + are some of Core's primary concerns. During this quarter, there + were three items of this nature.</p> + + <ul> + <li>Importing Concurrency Kit. 
In consultation with the + Foundation's legal counsel, it was determined that the relevant + patents on the 'Read Copy Update' synchronization mechanisms + have expired, and consequently the import of selected parts of + concurrency kit was approved.</li> + + <li>The proposal to create a shadow GPLv3 toolchain repository + was put to the community. Ultimately the whole idea has been + rendered largely redundant by faster than anticipated progress + at integrating the latest LLVM toolchain on most of the + interesting system architectures. The goal of a GPL-free base + system is within our grasp.</li> + + <li>Reports that GPL code has been pasted into linuxkpi sources + are under investigation. Core would like to stress that great + care must be taken to avoid inadvertent license infringement, + especially when implementing hardware interfaces or similar + where there is limited scope to invent new constants or + otherwise make it clear this is a novel implementation.</li> + </ul> + + <p>Work on LLVM has thrown up problems with the presence of + certain pre-compiled binary-only drivers as part of the GENERIC + kernel. Core has adopted the policy that such binary-only code + should be moved to loadable modules and that the GENERIC kernel + must be compiled entirely from original sources.</p> + + <p>The item that has absorbed the largest portion of Core's + attention this quarter concerns the project's handling of security + vulnerabilities in bspatch(1), libarchive(3), FreeBSD-update(8) + and portsnap(8). A partial fix was applied in + &os;-SA-16:25.bspatch but this lacks fixes to libarchive code + that were not yet available from upstream.</p> + + <p>SecTeam receives privileged early reports of many + vulnerabilities and consequently has a strict policy of not + commenting publicly until an advisory and patches have been + published. 
Early access to information about vulnerabilities is + contingent on their ability to avoid premature disclosure, and + without such, they could not have security advisories and + patches ready to go immediately the vulnerability is + published.</p> + + <p>However, in this case, vulnerabilities were already public and + the lack of any official response from the &os; project was + leading to concern amongst users and some critical press coverage. + Core stepped in and published a statement clarifying the situation + and the particular difficulties involved in securely modifying the + mechanisms used to deliver security patches. Core believes that + prompt notification and discussion of the implications and + possible workarounds to any <i>public</i> vulnerability should not wait + on the availability of formal OS patches.</p> + + <p>The OpenSSH project has deprecated DSA keys upstream. &os; had + kept DSA keys enabled in the later 10.x releases for compatibility + reasons, but with the release of 11.0 the time has come to + synchronise again with upstream. Since there are numerous DSA + keys in use in the &os; cluster this has necessitated an + exercise to get replacement keys installed. Core would like to + thank David Wolfskill and the accounts team for handling the surge + in key changes with a great deal of aplomb.</p> + + <p>During this quarter we welcomed Michael Zhilin, Imre Vadasz, + Steve Kiernan and Toomas Soome as new source committers. Over the + same period, we said farewell to Martin Wilke and Erwin Lansing + who have handed in their commit bits. We wish them well in their + future endeavours and hope to see them return as soon as they + can.</p> + </body> + </project> </report>
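Review bot: In the paragraph on the update-mechanism vulnerabilities, "FreeBSD-update(8)" does not match the utility's manual page name, which is lowercase; write "freebsd-update(8)" so it is consistent with "bspatch(1)" and "portsnap(8)" beside it. That paragraph cites &os;-SA-16:25.bspatch, and a later one says Core "published a statement", but neither is linked; an <a href> to the advisory and to the statement would let readers reach the fix status and workarounds the text refers to. Minor: the first list item says "concurrency kit" in lowercase in its last line while its opening uses "Concurrency Kit".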