From owner-freebsd-questions@freebsd.org Fri Nov 30 11:31:50 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B16A51140B84 for ; Fri, 30 Nov 2018 11:31:50 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0E7937D7F2 for ; Fri, 30 Nov 2018 11:31:50 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from leaf.local (unknown [88.202.132.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id D29F21CA2F for ; Fri, 30 Nov 2018 11:31:47 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/D29F21CA2F; dkim=none; dkim-atps=neutral Subject: Re: Timed releases for the new FreeBSD support model To: freebsd-questions@freebsd.org References: From: Matthew Seaman Message-ID: <2177b51e-dc7e-7c3e-b9e6-42fa5e1aaa47@FreeBSD.org> Date: Fri, 30 Nov 2018 11:31:46 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 0E7937D7F2 X-Spamd-Result: default: False [2.06 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_LONG(0.57)[0.567,0]; NEURAL_SPAM_MEDIUM(0.58)[0.575,0]; ASN(0.00)[asn:20712, ipnet:2001:8b0::/32, country:GB]; NEURAL_SPAM_SHORT(0.92)[0.922,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Nov 2018 11:31:51 -0000 On 29/11/2018 16:53, D. Ebdrup wrote: > In lieu of any suggestions for where discussion can take place in the > announcement email, I figured it'd be best to start this here. So with > that said, and since FreeBSDs support model is changing, I've been > wondering whether its possible for FreeBSD to have timed releases - so > here's something to get a conversation started on that: Core is handling the discussons and will be meeting with FreeBSD developers and corporate users during various events, developer summits and conferences. There isn't really a public conversation about this at the moment, but it's unlikely to happen on freebsd-questions@... > Can FreeBSD do timed releases? > They have advantages and disadvantages, of course - but I'm wondering > if the advantages outweighs the disadvantages. Yes, FreeBSD can, and will, do timed releases. In principle it already does, although the schedule seems pretty elastic. The main points of contention are about how frequently updates should happen, how long those are supported for and how many concurrent branches should be available under support. There seems to be two different groups of users, one of whom needs a stable API and KBI for long term (eg. 5 years), and the other which needs to be updating pretty rapidly and always staying within sight of the bleeding edge. > Does anything stop timed releases from being possible with the way > FreeBSD currently does releases? > E.g. picking features from a stable branch, instead of shoveling > everything in the repository into a release to get it out on time > (which I don't think anyone wants?). > > Assuming there are other issues, can these be fixed? There is a question about what changes can be allowed within a 'stable' branch -- so that eg. 3rd party kernel modules should continue to work across the lifetime of the branch, there should not be major changes to APIs and ABIs, so for instance the update to openssl-1.1.1 currently happening for 12.0-RELEASE. These considerations already exist but the details will need to be codified and laid down for whatever upgrade scheme we come up with. > In a similar vein, I think there's some questions FreeBSD needs to > answer before making the decision on whether it should have timed > releases, if it's possible. Here's some: > > Is a timed release delayed if someone emails so@ with patch for an > exploit that's in a release while it's being built? > Personally, I think I'd prefer a release be delayed slightly as > day0/day1 binary updates seems irresponsible to me (read: distributing > releases with known security exploits, that is). We've always worked on the principle that releases are released only when they are ready, so, yes, security advisories and last minute regressions can delay a release. > What happens in case a PoC appears after being withheld until a > release has been built? > Presumably the only way to fix that is with a binary update. It's not the existence of a proof of concept that matters; it's whether there is public knowledge that a particular vulnerability exists. If you where there's a vulnerability, then generating an exploit is relatively easy. Usually this is handled under a process of 'responsible disclosure' -- people that discover a vulnerability will contact software providers privately and give them a reasonable time to generate fixes. Then at some pre-agreed time, all of the providers publish their fixes pretty much simultaneously and the original discoverers publish their work. If this process were to span the time when a new FreeBSD release was in progress, then the correct response would be to carry on with the release and publish a security advisory and patches post-release once the embargo period was over. > And finally: Can pkg'd base change any of the answers - to me, it > seems like an obvious candidate for making timed releases easier, but > I might be missing something obvious. Correct. pkg base is going to help with the way releases are handled. Once pkg base has had the bugs ironed out and is fit for purpose, which is slowly being worked on. Cheers, Matthew