In some email I received from Andrew Gillham, sie wrote:
> 
> Ty Sarna wrote:
> > 
> > In article <199704290426.VAA29059@lestat.nas.nasa.gov> you write:
> > > Besides, if that change broke your firewall, I'd assert that your firewall
> > > was too fragile in the first place.
> > 
> > Run any anonymous ftp servers, Jason? Do you have "ftp" in
> > /etc/ftpchroot? What if I go and remove the special-casing of "ftp"
> > chroot on you, and now your whole system is open? Guess your anonymous
> > ftp server was just too fragile... 
> 
> Please, there is a difference with introducing a bug in a "release"
> of NetBSD, and changing source in -current.  I 100% agree with Jason
> that a firewall that "breaks" because of a commit to -current is
> too fragile.  That is an obvious one.  Running an anonymous ftp server
> on -current, and *blindly* supping changes is pretty fragile also.

I think you misunderstand what his change did.

It effectively disabled the software for everyone using it on -current.
And did so "quietly".

Whilst he added some bits to /etc/netstart, I'm inclined to believe that
people update that much less often than they do kernel source.

I get the impression (I don't subscribe to this list) that no mention of
this change was sent to -security either.

Anyway, I've been reading what people are saying I'm more inclined to add
"IPFILTER_NOAUTO_ENABLE" (rather than "IPFILTER_AUTO_ENABLE") as the former
(if missing) is consistant with IP Filter's current behaviour elsewhere and
revert the behaviour to not need an explicit "ipf -E".

I'll be certain to try find some way of making sure people are aware of its
status when it "attaches", either way.

Darren