Upcoming Releases Schedule...
rwatson at FreeBSD.org
Mon Sep 22 19:42:00 UTC 2008
On Mon, 22 Sep 2008, Jo Rhett wrote:
> Again, what you are saying makes a lot of sense, and I have no problem with
> it. We're just missing the crucial bit -- what is it going to take to reach
> that goal? Regardless of commit bits, etc and such forth. Is 10 hours a
> week of one person enough? Does it really need 4 people with 10 hours a
> week? How do we get from here to there?
> This is where I think we're missing each other. Achieving a commit bit --
> sure, no problem with what you have outlined. But you haven't finished the
> thought enough to confirm whether me having a commit bit would solve the
> problem we are trying to solve.
> I mean honestly, is one person with a commit bit and some time enough to
> solve the problem? I've been involved with enough projects to know that the
> real answer might be, "no, we actually have all the people we need with
> commit bits but our infrastructure makes doing this difficult right now".
Lack of human resources, to use a vile term, is currently the limiting factor.
What happens when that is cleared is another question, but in the end there
aren't a whole lot of paths to greater efficiency here: for each
vulnerability, we generally start with the HEAD of the tree working back by
age, for each branch identifying:
- Whether the vulnerability, or broad class of vulnerabilities, exists
- If the same patch applies, whether it fixes all instances of the problem in
the next branch as well
- Generate commit candidate
- Test builds and runs
- Generate binary updates
- Generate appropriate security advisory information
This is an inherently manual process because security patches touch a variety
of parts of the system and each has different implications, the tendency for
vulnerabilities to come in classes, etc. None of us remembers the format
string vulnerability's arrival on the scene fondly since it became necessary
to modify the compiler to try to mechanically sweep the tree for similar
issues, for example.
The older a branch, the more likely it is that it requires a different
analysis and a different patch, hence the sigh of relief when 5.x fell off the
support list -- not because it was a bad branch, but because there was
significant divergence and maintaining three active development branches at
once (5.x, 6.x, and 7.x) was a serious stretch.
<long essay elided>
Robert N M Watson
University of Cambridge
More information about the freebsd-stable