tech-net archive


Re: "wireguard" implementation improperly merged and needs revert



> Hi Taylor,
> [...]

Your email sounds more like you haven't had time to look at the actual code
and try to have it reverted because you are frustrated that it was developed
without your benediction.

I understand your sentiment, but your email has obvious mischaracterizations.

To me the status is simple: Ozaki has a solid background of developing
network components, he wrote a wg implementation 2 years ago by carefully
following the spec, Taylor imported it a few days ago as a first shot, and
kept it disabled for the time being. Taylor then started making improvements.
That's how development happens.

Maybe it would have been wise to commit it to a separate branch for the time
being; but WireGuard is not a very complex piece of engineering and I can
understand why Taylor decided to commit the code to the main tree right away.

I will note four things on the technical side:

(1) I am not sure we can actually import OpenBSD's code. The OpenBSD kernel
    isn't remotely as MP-safe as NetBSD's, and a copy-pasta will likely add
    more bugs than it fixes.
(2) I have noted some bugs in NetBSD's implementation, but they are for the
    most part related to kernel API use.
(3) NetBSD has advanced bug detection features (KUBSAN, KASAN, KMSAN, KCSAN),
    that simply do not exist in other OSes. These automatically detect bugs
    and vulnerabilities at run time. That's a very strong capability we have
    developed. You and Matt having reviewed code physically together sounds
    nice and all; but humans can miss memory corruptions, the above features
    do not.
(4) Considering the overall poor quality of code coming out of OpenBSD, I
    wouldn't feel confident with us importing their code, whether it be wg,
    or anything else at large.

All of this being said, I believe we are all interested in getting the best
possible WireGuard implementation, so let's not argue over unimportant
matters.

You and Taylor should definitely talk in September (in one week). Meanwhile
reverting the code altogether sounds like a very big step that so far has
received little technical justification. However, moving it to a development
branch would probably be a good move; it would eliminate the confusion as to
whether it is production-ready (which it isn't yet), while still allowing
people to make changes and development to happen. Jason/Taylor, does that
sound good to you?

Cheers,
Maxime

