cvs commit: src/sys/amd64/amd64 pmap.c src/sys/i386/i386 pmap.c

Colin Percival cperciva at
Thu Apr 26 09:10:22 UTC 2007

Scott Long wrote:
> Yar Tikhiy wrote:
>> [snip]
>> It's a good news!  But what about explaining the code to the public?
>> - Mr. Developer, why does it take an ugly hack to make the device work?
>> - Can't tell ya, I'm under NDA.
> I think you have to respect that John and Stephan were doing the right
> thing with this.  This was no different than a security fix that gets
> committed before the vulnerability is disclosed.  No one seems to get
> upset that the security team operates this way.

I can only think of one recent case where a security fix was applied without
the vulnerability details becoming public within a matter of minutes (i.e.,
as soon as we could get the advisory signed and uploaded), and that was due
to a desire to avoid upstaging my BSDCan talk about hyperthreading (and in
that case, all the details became available about 16 hours after patches were

That said, I think we have to respect the fact that NDAs, while not ideal,
provide limited access to information which would otherwise be entirely
unavailable; and in such circumstances I think Yar's suggested response of
"Can't tell ya, I'm under NDA" would be perfectly acceptable.

Colin Percival

More information about the cvs-src mailing list