From: Warner Losh
Date: Fri, 31 May 2019 16:47:21 -0600
Subject: Re: svn commit: r348482 - stable/11/sys/netipsec
To: John Baldwin
Cc: src-committers, svn-src-all, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org

On Fri, May 31, 2019 at 4:36 PM John Baldwin wrote:

> On 5/31/19 1:26 PM, John Baldwin wrote:
> > Author: jhb
> > Date: Fri May 31 20:26:56 2019
> > New Revision: 348482
> > URL: https://svnweb.freebsd.org/changeset/base/348482
> >
> > Log:
> >   MFC 348205:
> >   Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.
> >
> >   All of these algorithms are either explicitly marked MUST NOT, or they
> >   are implicitly MUST NOTs by virtue of not being included in IETF's
> >   list of protocols at all despite having assignments from IANA.
> >
> >   Specifically, this adds warnings for the following ciphers:
> >   - des-cbc
> >   - blowfish-cbc
> >   - cast128-cbc
> >   - des-deriv
> >   - des-32iv
> >   - camellia-cbc
> >
> >   Warnings for the following authentication algorithms are also added:
> >   - hmac-md5
> >   - keyed-md5
> >   - keyed-sha1
> >   - hmac-ripemd160
> >
> >   Approved by: re (gjb)
>
> Sigh, so I just noticed while testing an MFC of another commit that adds
> deprecation warnings (GELI) that these warnings don't actually fire in 11
> because gone_in(13, ...) only warns on 12.x and later:
>
> void
> _gone_in(int major, const char *msg)
> {
>
>         gone_panic(major, P_OSREL_MAJOR(__FreeBSD_version), msg);
>         if (P_OSREL_MAJOR(__FreeBSD_version) >= major)
>                 printf("Obsolete code will removed soon: %s\n", msg);
>         else if (P_OSREL_MAJOR(__FreeBSD_version) + 1 == major)
>                 printf("Deprecated code (to be removed in FreeBSD %d): %s\n",
>                     major, msg);
> }
>
> I guess we could make the later test unconditional on stable/11 (and possibly
> make that change on HEAD and MFC it)? I think I understand why we did that
> originally (you could MFC warnings back to older branches without annoying
> users to keep code in sync), but I wonder if in practice we don't want the
> warnings always enabled?
>

"It seemed like a good idea at the time" I think is why we did it, but it
turns out that it's not such a good idea. I agree: we should always warn in
older branches because latter-day releases of those branches will be
proximate to the removal time in major + 2. This is a perfect example of
this.

Warner
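
The version gate discussed in this thread, as an added example that is not part of the original message or of the FreeBSD source: it models the two tests in the quoted _gone_in() next to the "unconditional" variant suggested above, for gone_in(13, ...) on branches 11 through 13. The names gone_in_quoted, gone_in_always, gone_msg and the running_major parameter are hypothetical, and gone_panic() is not modelled.

```c
#include <stdio.h>

/* Hypothetical names; running_major stands in for P_OSREL_MAJOR(__FreeBSD_version). */
enum gone_msg { GONE_NONE, GONE_DEPRECATED, GONE_OBSOLETE };

/* Same two tests as the quoted _gone_in(); gone_panic() is not modelled. */
static enum gone_msg
gone_in_quoted(int running_major, int removal_major)
{
	if (running_major >= removal_major)
		return (GONE_OBSOLETE);
	if (running_major + 1 == removal_major)
		return (GONE_DEPRECATED);
	return (GONE_NONE);	/* two or more majors early: silent */
}

/* Sketch of the suggestion in the thread: drop the "+ 1 ==" condition. */
static enum gone_msg
gone_in_always(int running_major, int removal_major)
{
	if (running_major >= removal_major)
		return (GONE_OBSOLETE);
	return (GONE_DEPRECATED);
}

static const char *
gone_msg_name(enum gone_msg m)
{
	switch (m) {
	case GONE_OBSOLETE:	return ("obsolete warning");
	case GONE_DEPRECATED:	return ("deprecation warning");
	default:		return ("no warning");
	}
}

int
main(void)
{
	/* gone_in(13, ...) as merged to stable/11, seen from branches 11..13. */
	for (int running = 11; running <= 13; running++)
		printf("FreeBSD %d: quoted=%s, unconditional=%s\n", running,
		    gone_msg_name(gone_in_quoted(running, 13)),
		    gone_msg_name(gone_in_always(running, 13)));
	return (0);
}
```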