Re: RFC: Removing WITHOUT_CAPSICUM and WITHOUT_CASPER from 14.x

From: Warner Losh <imp_at_bsdimp.com>
Date: Mon, 20 Feb 2023 20:12:33 UTC
My only feedback is that bsd-user doesn't fully implement capsicum, which
may cause issues with that...

Warner

On Wed, Feb 15, 2023 at 9:53 PM Colin Percival <cperciva@tarsnap.com> wrote:

> Hi FreeBSD architects,
>
> I'd like to remove WITHOUT_CAPSICUM and WITHOUT_CASPER for FreeBSD 14.x.
>
> The rationale for this is threefold:
>
> 1. They don't serve any useful purpose and merely weaken security;
>
> 2. They're an anomaly among WITH/WITHOUT options -- most WITHOUT_* options
> take the form "don't build/install <components>" rather than having
> effects across the entire tree.
>
> 3. They're a pain for release engineering, because approximately nobody
> ever tests FreeBSD with WITHOUT_CAPSICUM or WITHOUT_CASPER set, but they're
> the sort of option which can easily break the build due to having effects
> all over the tree.
>
> If nobody objects, my plan is to get rid of the WITHOUT_ build options
> first and leave MK_{CAPSICUM,CASPER} set unconditionally to "yes"; then
> sweep the tree (mostly a matter of running unifdef) after 14.x is branched.
>
> --
> Colin Percival
> FreeBSD Deputy Release Engineer & EC2 platform maintainer
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
>
>