Re: Proposal, again: Disable autoload of compat_xyz modules

[Maxime Villard <max%m00nbsd.net@localhost>]

Le 26/09/2019 à 17:03, Manuel Bouyer a écrit :
> On Thu, Sep 26, 2019 at 04:52:35PM +0200, Maxime Villard wrote:
> > Le 26/09/2019 à 16:47, Manuel Bouyer a écrit :
> > > On Thu, Sep 26, 2019 at 04:40:33PM +0200, Maxime Villard wrote:
> > > > > Actually this is not clear. We have linux binaries in pkgsrc.
> > > >
> > > > ... And? We have 22000 packages in pkgsrc.
> > >
> > > How is it relevant ? I install less than 200. But there is suse_base in them
> >
> > The real question, is how the fact that there are linux binaries in
> > pkgsrc relevant. Yes, there are packages. And? Most of them are
>
> it's relevant because they are in the binary repositories, so anyone
> can install them with pkg_add or pkgin. And they don't even have to know
> these are linux binaries.
>
> > completely outdated and haven't been updated in the last 10 years.
>
> They were usefull 10 years ago; it doen't make then useless now.
> For example I use then to run eagle, or microchip compilers, on
> a regular basis.

Have you at least read my initial email?

I am not saying compat_linux is useless, I am saying that it has security
issues for a clearly marginal use case, and given the current general
unwillingness to maintain it and handle the security issues in it, it is a
good candidate for being disabled (!= removed). Same as it was in 2017 when
Taylor started the first thread.

Can we stop this moronic conversation and get back to the point? Thanks.

Disabling it doesn't mean removing it, and "modload compat_linux" will
restitute the functionality entirely while perserving against the
vulnerabilities by default.