On 11 May 1999, Perry E. Metzger wrote:

> > I know it's pretty late in the schedule, but I think something should be
> > done about this before 1.4 is released.
> 
> Something should also be done about the Vietnam War
> war. Unfortunately, the opportunity for doing something about either
> is passed now, don't you think?
>
> The only reason we haven't announced 1.4 is that mirrors take days to
> upload all the software and we don't want to announce with most
> mirrors not in sync yet.

Heh heh... Ok.  I didn't realise how the release schedule works.

> > Most unexperienced users will leave things like the union (and null
> > and umap) filesystems in their kernels, because they aren't aware of
> > the known problems.
> 
> If you are running a NetBSD machine at an ISP, STRIP ANYTHING YOU
> DON'T NEED OUT. This is a general rule. Bugs can only be exploited in
> code you have in your kernel. If you don't need it, nuke it. Stuff
> like lkms support should go if you don't absolutely need it, too.

True, if you know what it is you "don't need".  When I was doing sys-admin
work for an ISP 2 years ago, I knew very little, and didn't want to change
the system unless I had to (for fear of screwing something up).  Hence I
just left things how they were originally (with the union filesystem etc.
in there).  When I upgraded to NetBSD 1.2, I didn't remove anything I
didn't know much about, and since I hadn't read anything about unionfs, I
left it in.  It wasn't until I saw an advisory that I realized that was
the cause of our many system crashes lately (intentional abuse).  If the
upgrade documents, or GENERIC kernel had a comment about unionfs being
risky - I would have left it out.  

I know we can't do anything about admins that don't know the things they
should know (as I was), but I think we can make things easier for newbies
with little hints like that.

Thanks!
	Rick