Re: CVS commit: src/sys/dev/usb

[Maxime Villard <max%m00nbsd.net@localhost>]

Le 23/03/2020 à 04:07, Roy Marples a écrit :
> On 22/03/2020 08:30, Maxime Villard wrote:
>> Overall "From OpenBSD" is a redflag for buggy and vulnerable code..
> 
> We should be above this, no software is perfect, not even ours.
> 
> Roy

You seem to be confusing one-off defects and structural deficiencies. That a
plane crashes because of one slightly malformed screw, is a one-off defect.
Yes, sh*t happens, that's statistical, and in the order of things.

That a plane crashes because pilots have trained on a faulty simulator, are
faced with incomplete emergency manuals, that don't document the faulty flight
computer about to bring the plane down, itself installed to work around the
plane's faulty airframe, is a big redflag for structural deficiencies.

In that you could as well fix the simulator, fix the manuals, fix the computer,
fix the airframe, that there would still be a consistent way for the plane to
crash, because it is just so structurally deficient, that no one could honestly
put any kind of trust in it.

Damn, I love this analogy.

Anyway, to come back to the point, I have come to notice that several
organizations (very big ones sometimes...) produce code that is very close to
structurally deficient, and that's a source of concern for our QA when that
code gets imported. In the case of OpenBSD I don't know if it is recent or if
it has always been like this, I would tend to think the latter. So yeah big
redflag when I see a "from ...", that's an indication that the area needs
attention.

In all cases, these specific issues with if_umb are not urgent, because the
driver is disabled by default in NetBSD. Interesting technical challenge
though, if someone is interested!

Maxime