From owner-freebsd-security@FreeBSD.ORG Sun Sep 19 18:33:15 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 661101065670; Sun, 19 Sep 2010 18:33:15 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 3E5A48FC13; Sun, 19 Sep 2010 18:33:15 +0000 (UTC) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id B9ADE46B8A; Sun, 19 Sep 2010 14:33:14 -0400 (EDT) Date: Sun, 19 Sep 2010 19:33:14 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Vadim Goncharov In-Reply-To: Message-ID: References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Sep 2010 18:33:15 -0000 On Wed, 8 Sep 2010, Vadim Goncharov wrote: >> Which part of "support for the Giant lock *over the network stack* was >> removed" [emphasis mine] do you not understand? > > No, component removed was (1), I've underlined. > >> The reason is performance for overall network stack, not ideology. > > For a practical reasons, "it works but slow" is better than "doesn't work at > all (due to absence of code in the src tree)". > > "Make it work. Make it right. Make it fast. In that order", know this? > Sacrificing "work" for "fast"?.. Hmm, if it is not ideology, then what is > it?.. Doug has already clarified, but just to follow up with some detail: Moving to a parallel network stack required that all portions of the stack code be updated to operate without the Giant lock present -- the Giant lock was a fundamental assumption in all kernel code in FreeBSD 4.x and earlier. This decade-long project was highly successful, and relied on members of the community stepping forward to adapt a very large code base by adding fine-grained locking to each component. The results have been extremely impressive, allowing our network stack to scale to 8+ CPUs (I'm actually testing with 32-thread systems as part of some network stack work I'm doing right now). Towards the end of the project, it was clear that a few components in the stack had attracted no interest from the community, and as such, were not going to get updated. As such, we went through a public deprecation and removal process, in which we appealed repeatedly for community members to update the code. This included i4b, one of our three ATM implementations, and one of our two IPSEC implementations. I've attached the i4b schedule below (a three-year process), but you can find information on the full process here: http://wiki.freebsd.org/NONMPSAFE_DEORBIT This was not an issue of i4b operating more slowly than the rest of the stack: it was that the code required fundamental architectural changes without which it couldn't compile, let alone run. We're all happy to have ISDN support come back in the tree if there's an owner for doing it! In the end, any significant code base in the kernel requires ownership -- it can continue through many minor changes without an owner, but major retrofits, such as moving to fine-grained locking, need the attention of someone who understands the code, is able to test the code, and has the time to invest in the code. We do a pretty good job at arranging this with a multi-million line code base, all told. Robert Date Done Event 18 July 2005 yes Post MPSAFE network stack plan to arch@. 04 July 2007 yes Disconnect parts of I4B from the build. HEADS-UP to isdn@. 17 July 2007 yes Post NET_NEEDS_GIANT() reminder to arch@. 27 July 2007 yes Remove NET_NEEDS_GIANT(). 22 March 2008 yes Last call to seek for help rewriting I4B to keep it alive. 15 May 2008 yes Final announcement on isdn@ that I4B will be removed from 8/7. 26 May 2008 yes Remove i4b from HEAD. From owner-freebsd-security@FreeBSD.ORG Mon Sep 20 15:06:07 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9CB75106567A; Mon, 20 Sep 2010 15:06:07 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 89C988FC16; Mon, 20 Sep 2010 15:06:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o8KF67qO067353; Mon, 20 Sep 2010 15:06:07 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o8KF67Tv067352; Mon, 20 Sep 2010 15:06:07 GMT (envelope-from security-advisories@freebsd.org) Date: Mon, 20 Sep 2010 15:06:07 GMT Message-Id: <201009201506.o8KF67Tv067352@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: FreeBSD Security Advisory FreeBSD-SA-10:08.bzip2 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Sep 2010 15:06:07 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:08.bzip2 Security Advisory The FreeBSD Project Topic: Integer overflow in bzip2 decompression Category: contrib Module: bzip2 Announced: 2010-09-20 Credits: Mikolaj Izdebski Affects: All supported versions of FreeBSD. Corrected: 2010-09-20 14:58:08 UTC (RELENG_8, 8.1-STABLE) 2010-09-20 14:58:08 UTC (RELENG_8_1, 8.1-RELEASE-p1) 2010-09-20 14:58:08 UTC (RELENG_8_0, 8.0-RELEASE-p5) 2010-09-20 14:58:08 UTC (RELENG_7, 7.3-STABLE) 2010-09-20 14:58:08 UTC (RELENG_7_3, 7.3-RELEASE-p3) 2010-09-20 14:58:08 UTC (RELENG_7_1, 7.1-RELEASE-p14) 2010-09-20 14:58:08 UTC (RELENG_6, 6.4-STABLE) 2010-09-20 14:58:08 UTC (RELENG_6_4, 6.4-RELEASE-p11) CVE Name: CVE-2010-0405 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The bzip2/bunzip2 utilities and the libbz2 library compress and decompress files using an algorithm based on the Burrows-Wheeler transform. They are generally slower than Lempel-Ziv compressors such as gzip, but usually provide a greater compression ratio. II. Problem Description When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow. III. Impact An attacker who can cause maliciously chosen inputs to be decompressed can cause the decompressor to crash. It is suspected that such an attacker can cause arbitrary code to be executed, but this is not known for certain. Note that some utilities, including the tar archiver and the bspatch binary patching utility (used in portsnap and freebsd-update) decompress bzip2-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2-compressed data even if they never explicitly invoke the bunzip2 utility. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, or to the RELENG_8_1, RELENG_8_0, RELENG_7_3, RELENG_7_1, or RELENG_6_4 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 6.4, 7.1, 7.3, 8.0 and 8.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch # fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libbz2 # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in 3) To update your vulnerable system via a binary patch: Systems running 6.4-RELEASE, 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/bzip2/decompress.c 1.1.1.3.2.3 RELENG_6_4 src/UPDATING 1.416.2.40.2.15 src/sys/conf/newvers.sh 1.69.2.18.2.17 src/contrib/bzip2/decompress.c 1.1.1.3.2.2.2.1 RELENG_7 src/contrib/bzip2/decompress.c 1.1.1.4.2.2 RELENG_7_3 src/UPDATING 1.507.2.34.2.5 src/sys/conf/newvers.sh 1.72.2.16.2.7 src/contrib/bzip2/decompress.c 1.1.1.4.2.1.6.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.17 src/sys/conf/newvers.sh 1.72.2.9.2.18 src/contrib/bzip2/decompress.c 1.1.1.4.2.1.2.1 RELENG_8 src/contrib/bzip2/decompress.c 1.1.1.5.2.1 RELENG_8_1 src/UPDATING 1.632.2.14.2.4 src/sys/conf/newvers.sh 1.83.2.10.2.5 src/contrib/bzip2/decompress.c 1.1.1.5.6.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.8 src/sys/conf/newvers.sh 1.83.2.6.2.8 src/contrib/bzip2/decompress.c 1.1.1.5.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r212901 releng/6.4/ r212901 stable/7/ r212901 releng/7.3/ r212901 releng/7.1/ r212901 stable/8/ r212901 releng/8.0/ r212901 releng/8.1/ r212901 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-10:08.bzip2.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAkyXd3QACgkQFdaIBMps37JekgCfcYbIYtG1ZXKsfrFC8RKNl8uV PhsAniSinLogV/Nfj67AcPnoKoyhrXY2 =Qop+ -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 11:12:14 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7537E1065674 for ; Tue, 21 Sep 2010 11:12:14 +0000 (UTC) (envelope-from freebsd-security@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id F06C58FC18 for ; Tue, 21 Sep 2010 11:12:13 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1Oy0le-0005Z1-HY for freebsd-security@freebsd.org; Tue, 21 Sep 2010 13:12:10 +0200 Received: from nuclight.avtf.net ([217.29.94.29]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 21 Sep 2010 13:12:10 +0200 Received: from vadim_nuclight by nuclight.avtf.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 21 Sep 2010 13:12:10 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-security@freebsd.org From: Vadim Goncharov Date: Tue, 21 Sep 2010 11:11:58 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 81 Message-ID: References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: nuclight.avtf.net X-Comment-To: Robert Watson User-Agent: slrn/0.9.9p1 (FreeBSD) X-Mailman-Approved-At: Tue, 21 Sep 2010 11:18:37 +0000 Cc: freebsd-stable@freebsd.org Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 11:12:14 -0000 Hi Robert Watson! On Sun, 19 Sep 2010 19:33:14 +0100 (BST); Robert Watson wrote about 'Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon': >>> The reason is performance for overall network stack, not ideology. >> >> For a practical reasons, "it works but slow" is better than "doesn't work at >> all (due to absence of code in the src tree)". >> >> "Make it work. Make it right. Make it fast. In that order", know this? >> Sacrificing "work" for "fast"?.. Hmm, if it is not ideology, then what is >> it?.. > Doug has already clarified, but just to follow up with some detail: [...] > Towards the end of the project, it was clear that a few components in the > stack had attracted no interest from the community, ^^^^^^^^^ (1) > As such, we went through a public deprecation and ^^^^^^ (2) > In the end, any significant code base in the kernel requires ownership -- it > can continue through many minor changes without an owner, but major retrofits, > such as moving to fine-grained locking, need the attention of someone who > understands the code, is able to test the code, and has the time to invest in (3) ^^^^^^^^^^^^^^ > the code. We do a pretty good job at arranging this with a multi-million line > code base, all told. As I clarified in my reply to Doug today, the community (1) is not just developers, but users also, some of them, relying on FreeBSD in their business, have the potential to convert money to (3) and thus help the Project (BTW, is it possible for Foundation to ease this possibility for such users?). Of course, that is only one variant, there are may be other posiibilities, but all of them require announce - and (2) was not really public deprecation, in sense that it was known to a subset of community only. E.g., a programmer living on STABLE (thus not reading current@) and hacking other open-source - in case of public announce he could switch from those others to help FreeBSD in a feature he needs. BTW, the committers-guide states: === 11.4 Deprecating Features When it is necessary to remove functionality from software in the base system the following guidelines should be followed whenever possible: 1. Mention is made in the manual page and possibly the release notes that the option, utility, or interface is deprecated. Use of the deprecated feature generates a warning. 2. The option, utility, or interface is preserved until the next major (point zero) release. 3. The option, utility, or interface is removed and no longer documented. It is now obsolete. It is also generally a good idea to note its removal in the release notes. === But I don't see such metions for i4b/isdnd man pages on 6.4. > this decade-long project was highly successful, and relied on members of the > community stepping forward to adapt a very large code base by adding > fine-grained locking to each component. the results have been extremely > impressive, allowing our network stack to scale to 8+ cpus (i'm actually > testing with 32-thread systems as part of some network stack work i'm doing > right now). The Project is ultimately about the users, right? There are early signs that some old FreeBSD users get tired from those changes, those removals, lesser POLA adherence, marketing-not-technical-stuff for time-not-feature-based releases, not so stable -STABLE as it used to be, and so on, migrating to other systems. And older users are more valuable to project than newer ones. May be it's time to revert to some of thet Old Good Things, if decade-long project is mostly ended, while those signs are still early and not a strong tendency?.. Given this thread, I've mentioned earlier about 12 messages in announce@ from 2002 with such public calls for volunteers - there are several years already without these. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 11:39:57 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BC2421065673; Tue, 21 Sep 2010 11:39:57 +0000 (UTC) (envelope-from avg@icyb.net.ua) Received: from citadel.icyb.net.ua (citadel.icyb.net.ua [212.40.38.140]) by mx1.freebsd.org (Postfix) with ESMTP id D067E8FC1D; Tue, 21 Sep 2010 11:39:56 +0000 (UTC) Received: from odyssey.starpoint.kiev.ua (alpha-e.starpoint.kiev.ua [212.40.38.101]) by citadel.icyb.net.ua (8.8.8p3/ICyb-2.3exp) with ESMTP id OAA04173; Tue, 21 Sep 2010 14:39:54 +0300 (EEST) (envelope-from avg@icyb.net.ua) Message-ID: <4C989989.4050408@icyb.net.ua> Date: Tue, 21 Sep 2010 14:39:53 +0300 From: Andriy Gapon User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.9) Gecko/20100909 Lightning/1.0b2 Thunderbird/3.1.3 MIME-Version: 1.0 To: vadim_nuclight@mail.ru References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> In-Reply-To: X-Enigmail-Version: 1.1.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 21 Sep 2010 12:04:54 +0000 Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 11:39:57 -0000 > The Project is ultimately about the users, right? There are early signs that > some old FreeBSD users get tired from those changes, those removals, lesser > POLA adherence, marketing-not-technical-stuff for time-not-feature-based > releases, not so stable -STABLE as it used to be, and so on, migrating to > other systems. And older users are more valuable to project than newer ones. > May be it's time to revert to some of thet Old Good Things, if decade-long > project is mostly ended, while those signs are still early and not a strong > tendency?.. Given this thread, I've mentioned earlier about 12 messages in > announce@ from 2002 with such public calls for volunteers - there are several > years already without these. Hmm, it's really simple. If you want to shape the future of the project, then participate in the places where the future is shaped. If you want to know what's coming up in the future, then watch the places where the future is shaped. If you don't do either, you get what you get. Complaining post factum just doesn't work. (Numerous other examples and projects also demonstrate that). "Current", "stable" are not some alien versions of FreeBSD for some other strange people to use. Those are your future releases. Not looking into the future has its benefits - you are not doing anything; but it has costs too - you don't know your future. Looking into the future and shaping it has obvious costs, but the benefits are clear too. Business users and old FreeBSD users should know this best of all. It's strange that you try speak on their behalf but do not seem to realize these simple things. -- Andriy Gapon From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 12:59:53 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 557221065670; Tue, 21 Sep 2010 12:59:53 +0000 (UTC) (envelope-from wjw@digiware.nl) Received: from mail.digiware.nl (mail.ip6.digiware.nl [IPv6:2001:4cb8:1:106::2]) by mx1.freebsd.org (Postfix) with ESMTP id DA7198FC1A; Tue, 21 Sep 2010 12:59:52 +0000 (UTC) Received: from localhost (localhost.digiware.nl [127.0.0.1]) by mail.digiware.nl (Postfix) with ESMTP id DDC97153434; Tue, 21 Sep 2010 14:59:51 +0200 (CEST) X-Virus-Scanned: amavisd-new at digiware.nl Received: from mail.digiware.nl ([127.0.0.1]) by localhost (rack1.digiware.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pa6OhOkhSsTw; Tue, 21 Sep 2010 14:59:48 +0200 (CEST) Received: from [127.0.0.1] (opteron [192.168.10.67]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.digiware.nl (Postfix) with ESMTPSA id 78DA7153433; Tue, 21 Sep 2010 14:59:48 +0200 (CEST) Message-ID: <4C98AC42.1040104@digiware.nl> Date: Tue, 21 Sep 2010 14:59:46 +0200 From: Willem Jan Withagen User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.9) Gecko/20100915 Lightning/1.0b2 Thunderbird/3.1.4 MIME-Version: 1.0 To: Andriy Gapon References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> <4C989989.4050408@icyb.net.ua> In-Reply-To: <4C989989.4050408@icyb.net.ua> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 21 Sep 2010 13:02:50 +0000 Cc: vadim_nuclight@mail.ru, freebsd-security@freebsd.org, freebsd-stable@freebsd.org Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 12:59:53 -0000 On 2010-09-21 13:39, Andriy Gapon wrote: >> The Project is ultimately about the users, right? There are early signs that >> some old FreeBSD users get tired from those changes, those removals, lesser >> POLA adherence, marketing-not-technical-stuff for time-not-feature-based >> releases, not so stable -STABLE as it used to be, and so on, migrating to >> other systems. And older users are more valuable to project than newer ones. >> May be it's time to revert to some of thet Old Good Things, if decade-long >> project is mostly ended, while those signs are still early and not a strong >> tendency?.. Given this thread, I've mentioned earlier about 12 messages in >> announce@ from 2002 with such public calls for volunteers - there are several >> years already without these. Well, let me pitch in here a bit, because this discussion has had me on the edge of commenting already for too long. I'm a FreeBSD user as early as 1993, still have the first 1.0 CD here as nice remembrance. So I guess that I qualify as one of those "old FreeBSD" users. And I completely disagree with you. If you have been such an old freebsd user,then you should know the immense effort there has been to move GIANT out of the way. I cann't even get close to describing what a huge respect I have for the people that dared to undertake such a humongous effort. With an high probability of being flamed to death... But still ever since 5.x I've seen things really improve for the better. And yes, I was sorry to see ISDN being removed, but as things have progressed another version has been returned instead. And sure I have more hardware than you can imagine that is no longer supported. But it is all old, and worn down, sometimes it is even still VESA stuff. And right,there have been variations in the level of what you would like to call stable. But compared to the "old days" I would say, it has always been above my expectation. And note that I have and still do run 24*7 business on this. FreeBSD has never NEVER ever let me down. So as far as I'm concerned you are barking up the wrong tree here. --WjW From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 13:02:32 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4F5A610656AA; Tue, 21 Sep 2010 13:02:32 +0000 (UTC) (envelope-from unixmania@gmail.com) Received: from mail-qy0-f175.google.com (mail-qy0-f175.google.com [209.85.216.175]) by mx1.freebsd.org (Postfix) with ESMTP id E66F68FC0C; Tue, 21 Sep 2010 13:02:31 +0000 (UTC) Received: by qyk31 with SMTP id 31so4149937qyk.13 for ; Tue, 21 Sep 2010 06:02:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=tC/5dZBohCSOZms6lQt65KLeRH+Nwu2S6XiWhpaczrk=; b=KiNtz/q3mpQfC0hWA5/KcYrATguFBSLhV42y98spjWkW/t26RdMGR48pvcFeic597W 86iogk1GWCoHXZ8xozuvGaqsgsRXoM2jETXxFJX+1J4tzK7kBZLxXYLWWdZ6F2AgFYuF /BSpvgBBfoTD+VbWwBixRC6gbvgLATofRhXzU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=NQ3D0zn/Gqvg76BEM+1NJwwG2abKVXkOyuqvqOHhhZfn9wSbTXUsEMTdbgGHfm+9bw +ppJ4lEZQ3TQAq0p0ewynUJUxjJdEvFfAksZ+oGTRsv/0R/HRnNG7NVj6UvKBijBwSdN 8lfa7SyjW1mrN3xW8LjftR8FI2kijHzcxhMA4= MIME-Version: 1.0 Received: by 10.229.96.16 with SMTP id f16mr7123124qcn.255.1285072797132; Tue, 21 Sep 2010 05:39:57 -0700 (PDT) Received: by 10.229.31.194 with HTTP; Tue, 21 Sep 2010 05:39:56 -0700 (PDT) In-Reply-To: <4C989989.4050408@icyb.net.ua> References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> <4C989989.4050408@icyb.net.ua> Date: Tue, 21 Sep 2010 09:39:56 -0300 Message-ID: From: "Carlos A. M. dos Santos" To: freebsd-security@freebsd.org, freebsd-stable@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Tue, 21 Sep 2010 13:55:03 +0000 Cc: Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 13:02:32 -0000 On Tue, Sep 21, 2010 at 8:39 AM, Andriy Gapon wrote: [...] > If you want to shape the future of the project, then participate in the p= laces > where the future is shaped. =A0If you want to know what's coming up in th= e future, > then watch the places where the future is shaped. =A0If you don't do eith= er, you get > what you get. =A0Complaining post factum just doesn't work. =A0(Numerous = other > examples and projects also demonstrate that). Stop feeding the troll, please. From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 13:29:22 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CF3F106564A for ; Tue, 21 Sep 2010 13:29:22 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta03.emeryville.ca.mail.comcast.net (qmta03.emeryville.ca.mail.comcast.net [76.96.30.32]) by mx1.freebsd.org (Postfix) with ESMTP id 2DAFF8FC18 for ; Tue, 21 Sep 2010 13:29:22 +0000 (UTC) Received: from omta21.emeryville.ca.mail.comcast.net ([76.96.30.88]) by qmta03.emeryville.ca.mail.comcast.net with comcast id 9QDj1f0031u4NiLA3RGBsD; Tue, 21 Sep 2010 13:16:11 +0000 Received: from koitsu.dyndns.org ([98.248.41.155]) by omta21.emeryville.ca.mail.comcast.net with comcast id 9RGA1f00D3LrwQ28hRGAsv; Tue, 21 Sep 2010 13:16:11 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 739BC9B427; Tue, 21 Sep 2010 06:16:10 -0700 (PDT) Date: Tue, 21 Sep 2010 06:16:10 -0700 From: Jeremy Chadwick To: Willem Jan Withagen Message-ID: <20100921131610.GA58719@icarus.home.lan> References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> <4C989989.4050408@icyb.net.ua> <4C98AC42.1040104@digiware.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4C98AC42.1040104@digiware.nl> User-Agent: Mutt/1.5.20 (2009-06-14) X-Mailman-Approved-At: Tue, 21 Sep 2010 15:21:12 +0000 Cc: vadim_nuclight@mail.ru, freebsd-security@freebsd.org, freebsd-stable@freebsd.org, Andriy Gapon Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 13:29:22 -0000 On Tue, Sep 21, 2010 at 02:59:46PM +0200, Willem Jan Withagen wrote: > On 2010-09-21 13:39, {some mysterious person :-)} wrote: > >>The Project is ultimately about the users, right? There are early signs that > >>some old FreeBSD users get tired from those changes, those removals, lesser > >>POLA adherence, marketing-not-technical-stuff for time-not-feature-based > >>releases, not so stable -STABLE as it used to be, and so on, migrating to > >>other systems. And older users are more valuable to project than newer ones. > >>May be it's time to revert to some of thet Old Good Things, if decade-long > >>project is mostly ended, while those signs are still early and not a strong > >>tendency?.. Given this thread, I've mentioned earlier about 12 messages in > >>announce@ from 2002 with such public calls for volunteers - there are several > >>years already without these. Andriy wasn't the one who wrote this. In fact, I'm not sure who the quote actually came from because I never received the Email it came from, but I'm under the impression it's from Vadim. My mail spool: $ grep "Old Good Things" Mail/freebsd/freebsd-stable > May be it's time to revert to some of thet Old Good Things, if decade-long >> May be it's time to revert to some of thet Old Good Things, if decade-long >>> May be it's time to revert to some of thet Old Good Things, if decade-long >> May be it's time to revert to some of thet Old Good Things, if decade-long The first mention of it was in an Email from Andriy, sent to Vadim, with Andriy quoting someone words (the first paragraph shown above). Strangely I can't find the mail on the official FreeBSD pipermail lists either. I'm staying out of the main discussion, but I'm just wanting to point out that Andriy did not write the above quote. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 13:49:34 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E930106564A; Tue, 21 Sep 2010 13:49:34 +0000 (UTC) (envelope-from wjw@digiware.nl) Received: from mail.digiware.nl (mail.ip6.digiware.nl [IPv6:2001:4cb8:1:106::2]) by mx1.freebsd.org (Postfix) with ESMTP id 154058FC08; Tue, 21 Sep 2010 13:49:33 +0000 (UTC) Received: from localhost (localhost.digiware.nl [127.0.0.1]) by mail.digiware.nl (Postfix) with ESMTP id E89B0153434; Tue, 21 Sep 2010 15:49:32 +0200 (CEST) X-Virus-Scanned: amavisd-new at digiware.nl Received: from mail.digiware.nl ([127.0.0.1]) by localhost (rack1.digiware.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SHqVM2wMfVfD; Tue, 21 Sep 2010 15:49:29 +0200 (CEST) Received: from [127.0.0.1] (opteron [192.168.10.67]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.digiware.nl (Postfix) with ESMTPSA id 42FFC153433; Tue, 21 Sep 2010 15:49:29 +0200 (CEST) Message-ID: <4C98B7E7.1020403@digiware.nl> Date: Tue, 21 Sep 2010 15:49:27 +0200 From: Willem Jan Withagen User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.9) Gecko/20100915 Lightning/1.0b2 Thunderbird/3.1.4 MIME-Version: 1.0 To: Jeremy Chadwick References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> <4C989989.4050408@icyb.net.ua> <4C98AC42.1040104@digiware.nl> <20100921131610.GA58719@icarus.home.lan> In-Reply-To: <20100921131610.GA58719@icarus.home.lan> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 21 Sep 2010 15:21:30 +0000 Cc: vadim_nuclight@mail.ru, freebsd-security@freebsd.org, freebsd-stable@freebsd.org, Andriy Gapon Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 13:49:34 -0000 On 2010-09-21 15:16, Jeremy Chadwick wrote: > On Tue, Sep 21, 2010 at 02:59:46PM +0200, Willem Jan Withagen wrote: >> On 2010-09-21 13:39, {some mysterious person :-)} wrote: >>>> The Project is ultimately about the users, right? There are early signs that >>>> some old FreeBSD users get tired from those changes, those removals, lesser >>>> POLA adherence, marketing-not-technical-stuff for time-not-feature-based >>>> releases, not so stable -STABLE as it used to be, and so on, migrating to >>>> other systems. And older users are more valuable to project than newer ones. >>>> May be it's time to revert to some of thet Old Good Things, if decade-long >>>> project is mostly ended, while those signs are still early and not a strong >>>> tendency?.. Given this thread, I've mentioned earlier about 12 messages in >>>> announce@ from 2002 with such public calls for volunteers - there are several >>>> years already without these. > > Andriy wasn't the one who wrote this. In fact, I'm not sure who the > quote actually came from because I never received the Email it came > from, but I'm under the impression it's from Vadim. My mail spool: My bad for not checking the included reference. I was also very much under the impression that that quote was Vadim's, since it was in completeline with his previous complaints/rants/whining. And yes, your are smart to stay out of the discussion. But this old fart just had too much urge to react. So now I'll just go back to my old lurking state. --WjW From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 17:33:23 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3A848106564A; Tue, 21 Sep 2010 17:33:23 +0000 (UTC) (envelope-from joe.shevland@gmail.com) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id EE3208FC0C; Tue, 21 Sep 2010 17:33:22 +0000 (UTC) Received: by pzk7 with SMTP id 7so1956512pzk.13 for ; Tue, 21 Sep 2010 10:33:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=WdtjoWocMzxru7NXbrseDke2q4iMNT/x5vG9ETgDHO4=; b=LTdDXyxsx6SSOubg0n2HE3PTswFbV951jqkg/XRbSI++ghq0UToz5joDF6A6Cr3gFe wZUVtk8HRKviVzfq0eCabWSWvscf389Dg9NBD/3eNqoZZgLgIkEWZ7UfPZ0pZFx6Gd6Q oLrHRjXAdrG/adsFKSbWvJux7mOJE/T+7774g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=WoCX/qCuJDjC5X7Ketie348HIbmmhGUtksLj+x8BwWZvH8un+7ec6rWGgYjNyC90NT MJ+UffLPEURhra28RXEVMFNeOO65ZtG7c27zN8KaEKBOqfc7wR82WbpizA3ukwJDUdGs AcvLwILSJlp0TutmD8ioHyg5huYzESFQ3RfnE= Received: by 10.114.133.11 with SMTP id g11mr12005519wad.213.1285089049539; Tue, 21 Sep 2010 10:10:49 -0700 (PDT) Received: from [192.168.0.50] (d122-109-167-147.sun2.vic.optusnet.com.au [122.109.167.147]) by mx.google.com with ESMTPS id s5sm15884897wak.12.2010.09.21.10.10.45 (version=SSLv3 cipher=RC4-MD5); Tue, 21 Sep 2010 10:10:48 -0700 (PDT) Message-ID: <4C98E71F.4040800@gmail.com> Date: Wed, 22 Sep 2010 03:10:55 +1000 From: Joe Shevland User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2 MIME-Version: 1.0 To: Willem Jan Withagen References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> <4C989989.4050408@icyb.net.ua> <4C98AC42.1040104@digiware.nl> <20100921131610.GA58719@icarus.home.lan> <4C98B7E7.1020403@digiware.nl> In-Reply-To: <4C98B7E7.1020403@digiware.nl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: vadim_nuclight@mail.ru, freebsd-security@freebsd.org, freebsd-stable@freebsd.org, Andriy Gapon , Jeremy Chadwick Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 17:33:23 -0000 On 21/09/2010 11:49 PM, Willem Jan Withagen wrote: > On 2010-09-21 15:16, Jeremy Chadwick wrote: >> On Tue, Sep 21, 2010 at 02:59:46PM +0200, Willem Jan Withagen wrote: >>> On 2010-09-21 13:39, {some mysterious person :-)} wrote: >>>>> The Project is ultimately about the users, right? There are early >>>>> signs that >>>>> some old FreeBSD users get tired from those changes, those >>>>> removals, lesser >>>>> POLA adherence, marketing-not-technical-stuff for >>>>> time-not-feature-based >>>>> releases, not so stable -STABLE as it used to be, and so on, >>>>> migrating to >>>>> other systems. And older users are more valuable to project than >>>>> newer ones. >>>>> May be it's time to revert to some of thet Old Good Things, if >>>>> decade-long >>>>> project is mostly ended, while those signs are still early and not >>>>> a strong >>>>> tendency?.. Given this thread, I've mentioned earlier about 12 >>>>> messages in >>>>> announce@ from 2002 with such public calls for volunteers - there >>>>> are several >>>>> years already without these. >> >> Andriy wasn't the one who wrote this. In fact, I'm not sure who the >> quote actually came from because I never received the Email it came >> from, but I'm under the impression it's from Vadim. My mail spool: > > My bad for not checking the included reference. > I was also very much under the impression that that quote was Vadim's, > since it was in completeline with his previous complaints/rants/whining. > > And yes, your are smart to stay out of the discussion. But this old > fart just had too much urge to react. So now I'll just go back to my > old lurking state. My thoughts are below - remembering its a volunteer project, people spend their precious time to make it happen, and noneofthatwisthandingitsstilldamngood: a) if you don't like it, fix it. b) if you can't fix it, pay someone else to fix it c) if you can't fix it or otherwise be helpful, remain silent If you can't do a or b or c, and still have no options, below: d) whinging never helps e) those that whinge on volunteer projects are subject to the emperors wrath f) kill the heretic, the witch, the unbeliever. Recover the gene-seed at all costs. Cheers Joe > > --WjW > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Tue Sep 21 18:50:49 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7956B10656B2 for ; Tue, 21 Sep 2010 18:50:49 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with ESMTP id F28A38FC12 for ; Tue, 21 Sep 2010 18:50:46 +0000 (UTC) Received: (qmail 20355 invoked by uid 399); 21 Sep 2010 18:50:45 -0000 Received: from localhost (HELO ?192.168.0.142?) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 21 Sep 2010 18:50:45 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <4C98FE85.6030006@FreeBSD.org> Date: Tue, 21 Sep 2010 11:50:45 -0700 From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4 MIME-Version: 1.0 To: vadim_nuclight@mail.ru References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> <4C989989.4050408@icyb.net.ua> <4C98AC42.1040104@digiware.nl> In-Reply-To: X-Enigmail-Version: 1.2a1pre OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Sep 2010 18:50:49 -0000 On 9/21/2010 6:54 AM, Vadim Goncharov wrote: > This thread, to this moment, has one practical statement: calls for > volunteers and other major notifications should go to announce@, > perhaps to Web site, too ... and since you've made that point, and several people in the project leadership have agreed with you, perhaps it's time to give it a rest? Doug -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ From owner-freebsd-security@FreeBSD.ORG Sat Sep 25 00:22:07 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B01F8106566B; Sat, 25 Sep 2010 00:22:07 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 66E1A8FC20; Sat, 25 Sep 2010 00:22:07 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id E5C5A1FFC34; Sat, 25 Sep 2010 00:03:14 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id BF2018452F; Sat, 25 Sep 2010 02:03:14 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Joe Shevland References: <201009011653.o81Grkm4056064@fire.js.berklix.net> <201009011902.06538.hselasky@c2i.net> <4C8627A6.1090308@icyb.net.ua> <4C989989.4050408@icyb.net.ua> <4C98AC42.1040104@digiware.nl> <20100921131610.GA58719@icarus.home.lan> <4C98B7E7.1020403@digiware.nl> <4C98E71F.4040800@gmail.com> Date: Sat, 25 Sep 2010 02:03:14 +0200 In-Reply-To: <4C98E71F.4040800@gmail.com> (Joe Shevland's message of "Wed, 22 Sep 2010 03:10:55 +1000") Message-ID: <868w2qofjx.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-stable@freebsd.org, Andriy Gapon , vadim_nuclight@mail.ru, freebsd-security@freebsd.org, Willem Jan Withagen , Jeremy Chadwick Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Sep 2010 00:22:07 -0000 Joe Shevland writes: > My thoughts are below - remembering its a volunteer project, people > spend their precious time to make it happen, and > noneofthatwisthandingitsstilldamngood: > > a) if you don't like it, fix it. > b) if you can't fix it, pay someone else to fix it > c) if you can't fix it or otherwise be helpful, remain silent That's a bit harsh. In more general terms, to get something done, you need someone with a) knowledge, b) opportunity and c) motivation. If you don't have all three, find someone who has at least one and provide what's missing. Money can provide opportunity, motivation, or both, but it is not the only solution. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Sat Sep 25 18:16:54 2010 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EE43510656D1 for ; Sat, 25 Sep 2010 18:16:54 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (60.wheelsystems.com [83.12.187.60]) by mx1.freebsd.org (Postfix) with ESMTP id 984888FC19 for ; Sat, 25 Sep 2010 18:16:54 +0000 (UTC) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 7FB6345C9F; Sat, 25 Sep 2010 19:49:53 +0200 (CEST) Received: from localhost (chello089077043238.chello.pl [89.77.43.238]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 84C8345683; Sat, 25 Sep 2010 19:49:48 +0200 (CEST) Date: Sat, 25 Sep 2010 19:49:29 +0200 From: Pawel Jakub Dawidek To: freebsd-current@FreeBSD.org Message-ID: <20100925174929.GD47356@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yH1ZJFh+qWm+VodA" Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 9.0-CURRENT amd64 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-0.6 required=4.5 tests=BAYES_00,RCVD_IN_SORBS_DUL autolearn=no version=3.0.4 Cc: freebsd-security@FreeBSD.org Subject: Recent GELI additions. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Sep 2010 18:16:55 -0000 --yH1ZJFh+qWm+VodA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi. I'd like to inform about three new features in GELI available in HEAD: 1. AES-XTS encryption. XTS mode is a standard that is recommended these days for storage encryption. This is the default now. AES-XTS support was also added to opencrypto framework and aesni(4) driver. 2. Multiple encryption keys. GELI will use one encryption key for at most 2^20 blocks (sectors), as it is not recommended to use the same encryption key for too much data. It generates keys array from the master key on attach and uses it accordingly. This is the default now. 3. Passphrase can now be loaded from a file (-J and -j options). --=20 Pawel Jakub Dawidek http://www.wheelsystems.com pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --yH1ZJFh+qWm+VodA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAkyeNikACgkQForvXbEpPzSRywCggPV06cuFcVEFfS+NwIwestc0 BiAAoJVb7VGXo3XHPFEBWZnJIIZ1kfOQ =7Tge -----END PGP SIGNATURE----- --yH1ZJFh+qWm+VodA--