Re: Proposal, again: Disable autoload of compat_xyz modules

To: Mouse <mouse%Rodents-Montreal.ORG@localhost>, tech-kern%NetBSD.org@localhost
Subject: Re: Proposal, again: Disable autoload of compat_xyz modules
From: Brian Buhrow <buhrow%nfbcal.org@localhost>
Date: Thu, 26 Sep 2019 08:25:28 -0700

	hello.  I make heavy use of the COMPAT_XYZ functions and have done so
for many years.  As Mouse says, it's what makes NetBSD very usable and
easy to maintain.  If that functionality left NetBSD, it would reduce its
value  significantly.
	I understand it's a lot of work to maintain this functionality and
there are a lot of subtle interactions between the modules as they relate
to security, but it is a real time saver in terms of being able to maintain
OS levels while continuing to be able to use working applications and
knowing that the next upgrade of the OS isn't going to break some critical
service in my shop.
	One implication of your proposal is that you'll disable the autoload
functionality, users will turn it back on, use it, and be more vulnerable
than they are now because the primary developers aren't concern with making
things work or secure anymore.   If I remember the discussion from a couple
of years ago, there was some distinction about the invasiveness of each
compat option and its relative security threat.  I think a blanket
disabling of the compat options is too big of ahammer and a more nuanced
approach should be taken.
-thanks

On Sep 26, 10:22am, Mouse wrote:
} Subject: Re: Proposal, again: Disable autoload of compat_xyz modules
} >>> Keeping them enabled for the <1% users interested means keeping
} >>> vulnerabilities for the >99% who don't use these features.
} >> Are the usage numbers really that extreme?  Where'd you get them?  I
} >> didn't think there were any mechanisms in place that would allow
} >> tracking compat usage.
} > No, there is no strict procedure to monitor compat usage, and there
} > never will be.  Maybe it's not <1%, but rather 1.5%; or maybe it's
} > 5%, 10%, 15%.
} 
} > Who cares, exactly?
} 
} The short answer is "anyone who wants NetBSD to be useful".
} 
} If it really is only a tiny fraction - under ten people, say - then,
} sure, yank it out.  If it's 90%, removing it would lose most of the
} userbase, possibly provoke a fork.  15%, 40%, I don't think there is a
} hard line between "pull it" and "keep it", and even if there were I'm
} not sure it would matter because it appears nobody knows what the
} actual use rate is anyway.
} 
} > This compat topic has been discussed over and over, and the
} > conclusion is systematically that these compat options cause immense
} > trouble for little actual use.
} 
} Except the "little actual use" is, apparently, nothing but various wild
} guesses at the actual proportion.  Based on what I've seen in this
} thread, it looks as though the use rate is around 1/2 (two users, two
} non-users) - but, of course, that has no statistical validity; the
} sample is ludicrously small and entirely self-selected.
} 
} /~\ The ASCII				  Mouse
} \ / Ribbon Campaign
}  X  Against HTML		mouse%rodents-montreal.org@localhost
} / \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
>-- End of excerpt from Mouse

Follow-Ups:
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Maxime Villard

References:
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Mouse

Prev by Date: Re: Proposal, again: Disable autoload of compat_xyz modules
Next by Date: Re: Proposal, again: Disable autoload of compat_xyz modules
Previous by Thread: Re: Proposal, again: Disable autoload of compat_xyz modules
Next by Thread: Re: Proposal, again: Disable autoload of compat_xyz modules
Indexes:

Home | Main Index | Thread Index | Old Index