tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Experiments with npf on -current

On Tue, 22 Nov 2011 22:55:09 -0600 (CST)
"Jeremy C. Reed" <> wrote:

> We should strive for a higher standard. We should encourage and maybe 
> better require that we provide unit tests and/or behaviour tests with 
> commits too.  (Was there ever a public core announcement about when code 
> is added or bug fixed, that the developer should consider adding ATF 
> tests or regression tests for it?) (I'd like to extend this to include 
> security audit tests as applicable, documentation requirements, and peer 
> review requirements too.)
> We should suggest and even force that code known to be broken to be 
> reverted. (Well I think this is already true, but not happening?) (It 
> will be easier when we have a better revision control so many can work 
> easier on branches.)

While I agree with most of what you said on a technical level,
unfortunately one must also come to the evidence that NetBSD
maintainers are volunteers with limited time and resources :(

So between the ideal and the practice, it's normal if a gap exists...

That said, I find that the NetBSD code base in general is of a high
quality, and the review process which I often see happening on mailing
lists, while sometimes tedious, tends to help a lot.

As for ipfilter vs npf, npf is known to be in development by most of
us, I think; and ipfilter (or sometimes pf) are still being used on
production systems by many where reliability is important and existing
firewall scripts are maintained and relied-upon (I currently use
netbsd-5 and ipfilter myself).  This doesn't mean that an alternative
cannot be in development, incomplete or unstable (especially on an OS
also known to be good for research, such as NetBSD)...

Home | Main Index | Thread Index | Old Index