From owner-cvs-all@FreeBSD.ORG  Thu Apr 26 09:20:28 2007
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4D62C16A402;
	Thu, 26 Apr 2007 09:20:28 +0000 (UTC)
	(envelope-from yar@comp.chem.msu.su)
Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97])
	by mx1.freebsd.org (Postfix) with ESMTP id AD81E13C489;
	Thu, 26 Apr 2007 09:20:26 +0000 (UTC)
	(envelope-from yar@comp.chem.msu.su)
Received: from comp.chem.msu.su (localhost [127.0.0.1])
	by comp.chem.msu.su (8.13.4/8.13.4) with ESMTP id l3Q9KNdj077901;
	Thu, 26 Apr 2007 13:20:23 +0400 (MSD)
	(envelope-from yar@comp.chem.msu.su)
Received: (from yar@localhost)
	by comp.chem.msu.su (8.13.4/8.13.4/Submit) id l3Q9KM3U077899;
	Thu, 26 Apr 2007 13:20:22 +0400 (MSD) (envelope-from yar)
Date: Thu, 26 Apr 2007 13:20:21 +0400
From: Yar Tikhiy <yar@comp.chem.msu.su>
To: Scott Long <scottl@samsco.org>
Message-ID: <20070426092021.GD53614@comp.chem.msu.su>
References: <200704211417.l3LEHUKK078832@repoman.freebsd.org>
	<462A27CD.5090006@freebsd.org> <1177170852.32761.0.camel@localhost>
	<20070424091858.GA31094@comp.chem.msu.su>
	<462FA0BC.8020207@freebsd.org>
	<20070426054228.GA53614@comp.chem.msu.su>
	<463049C6.9080100@samsco.org>
	<20070426082958.GC53614@comp.chem.msu.su>
	<4630659E.9040300@samsco.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4630659E.9040300@samsco.org>
User-Agent: Mutt/1.5.9i
Cc: src-committers@FreeBSD.org, Andre Oppermann <andre@FreeBSD.org>,
	cvs-src@FreeBSD.org, cvs-all@FreeBSD.org, Stephan Uphoff <ups@FreeBSD.org>,
	Coleman Kane <cokane@FreeBSD.org>
Subject: Re: cvs commit: src/sys/amd64/amd64 pmap.c src/sys/i386/i386 pmap.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Apr 2007 09:20:28 -0000

On Thu, Apr 26, 2007 at 02:41:02AM -0600, Scott Long wrote:
> Yar Tikhiy wrote:
> >On Thu, Apr 26, 2007 at 12:42:14AM -0600, Scott Long wrote:
> >>Yar Tikhiy wrote:
> >>>On Wed, Apr 25, 2007 at 02:41:00PM -0400, Stephan Uphoff wrote:
> >>>>Yar Tikhiy wrote:
> >>>>>On Sat, Apr 21, 2007 at 09:54:12AM -0600, Coleman Kane wrote:
> >>>>>
> >>>>>>On Sat, 2007-04-21 at 17:03 +0200, Andre Oppermann wrote:
> >>>>>>  
> >>>>>>>Stephan Uphoff wrote:
> >>>>>>>    
> >>>>>>>>ups         2007-04-21 14:17:30 UTC
> >>>>>>>>
> >>>>>>>>FreeBSD src repository
> >>>>>>>>
> >>>>>>>>Modified files:
> >>>>>>>>  sys/amd64/amd64      pmap.c 
> >>>>>>>>  sys/i386/i386        pmap.c 
> >>>>>>>>Log:
> >>>>>>>>Modify TLB invalidation handling.
> >>>>>>>>
> >>>>>>>>Reviewed by:    alc@, peter@
> >>>>>>>>MFC after:      1 week
> >>>>>>>>      
> >>>>>>>Could you be a bit more verbose what changed here and why it
> >>>>>>>was done?
> >>>>>>>
> >>>>>>>    
> >>>>>>I agree. I would really like to know what the modification 
> >>>>>>accomplishes.
> >>>>>>  
> >>>>>Alas, we don't live in an ideal world.  If we did, our commit
> >>>>>messages would always follow the well-known guideline:
> >>>>>
> >>>>>0. Tell the essence of the change.
> >>>>>1. Give the reason for the change.
> >>>>>2. Explain the change unless it's trivial.
> >>>>>
> >>>>>
> >>>>In the ideal world there are no NDAs :-)
> >>>Was the change based on a document under NDA?  Then this case raises
> >>>an interesting question: to what extent an open source developer
> >>>is allowed to explain his code that was based on a document under
> >>>NDA?  Of course, it should depend on the NDA, but I suspect that a
> >>>typical NDA requires a lawyer to interpret it unambiguously (I've
> >>>never signed one by myself), and an overcautious lawyer would say
> >>>that the open source code itself violates the NDA because anybody
> >>>can RTFS. :-)
> >>>
> >>Wow, that was painful to read.  NDAs that specifically allow source
> >>code licensing and distribution are quite common.  They even get written
> >>and reviewed by lawyers! =-)
> >
> >It's a good news!  But what about explaining the code to the public?
> >
> >- Mr. Developer, why does it take an ugly hack to make the device work?
> >- Can't tell ya, I'm under NDA.
> >
> 
> I think you have to respect that John and Stephan were doing the right 
> thing with this.  This was no different than a security fix that gets
> committed before the vulnerability is disclosed.  No one seems to get
> upset that the security team operates this way.

John and Stephan are doing a great job in any case, but I fail to
understand your point.  I can't see how the two cases can be the
same.  A fixed vulnerability is no more a threat to security, but
NDA doesn't get cancelled upon the commit.  So I was curious about
how much knowledge a developer is legally allowed to relay to the
community besides the code itself if he is tied by NDA.

-- 
Yar