Re: Removal of compat-FreeBSD

[Brian Buhrow <buhrow%nfbcal.org@localhost>]

	Hello.  The point I was trying to make is that if you break
COMPAT_FREEBSD by taking it out of the GENERIC kernel, you lose the ability to manage the
twa(4) or twe(4) cards through the OS unless you recompile a kernel with
COMPAT_FREEBSD back in.  (Having an auto-loading module seems like it
misses the point of enhancing security to me.).  New users with these cards
might not then wish to use NetBSD with these cards simply because they
don't want to go to the trouble of compiling a special kernel.  We, as a
NetBSD community, may have then lost those users, which I would see as
unfortunate.

-Brian
On Feb 13,  9:25pm, Eric Haszlakiewicz wrote:
} Subject: Re: Removal of compat-FreeBSD
} On February 13, 2015 6:46:52 PM EST, Brian Buhrow <buhrow%nfbcal.org@localhost> wrote:
} >	If you are going to disable COMPAT_FREEBSD in GENERIC kernels, then
} >you probably also need to disable twe(4) and twa(4) as well.  I would
} >not
} >be in favor of this.  Several people have written saying they use
} >tw_cli.
} >I've not written, but I too use tw_cli to manage 3ware cards under
} >NetBSD.
} 
} That's not at all the same.  Code that can get triggered by an arbitrary executable has a very different attack surface than device drivers that won't be used if you don't have one of those devices in your system.
} I'm all for trimming things down, but I don't think it's valid to claim that removing COMPAT_FREEBSD implies the need to remove anything else.
} 
} Eric
} 
} 
>-- End of excerpt from Eric Haszlakiewicz