[Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 03 Sep 2024 18:30:38 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701 --- Comment #67 from Franco Fichtner <franco@opnsense.org> --- There are some open release engineering questions in this thread, lack of professionalism discarding a problem that was later fixed without comment aside. Doing the least bit of rectifying the previous behaviour would be a good start to a useful discussion on the subject. The first and foremost question is how this was tested and verified? Was the researcher involved in all steps? The commits don't have a "Reviewed by" or "Tested by" either. Is this normal now? Does release engineering not assess the risk of spreading an SA fix over 4 commits with about 500 LOC changed introducing new features while at it? That then grew to 6 commits, with 10 commits at the moment. It's a classic scope creep that should be avoided on releases at all cost. The test coverage wasn't there to make an educated choice either. Why is the fake id portion of the original OpenBSD patch omitted? At least https://github.com/openbsd/src/commit/49f39043a02d is still missing. Can anyone comment on why one would think that we should try to get away with the least bit of commits here when we can clearly see all the related problems were seen and handled in OpenBSD in the meantime? Why does nobody ask the reporters here to test this again? Why are the insights given by reporters brushed off? You can clearly see where the problem started given that nobody cares answering these questions. TLDR: SO should do this again, please, but RE shouldn't. Cheers, Franco -- You are receiving this mail because: You are the assignee for the bug.