svn commit: r50860 - head/en_US.ISO8859-1/htdocs/news/status
Benjamin Kaduk
bjk at FreeBSD.org
Sun Sep 17 20:45:13 UTC 2017
Author: bjk
Date: Sun Sep 17 20:45:11 2017
New Revision: 50860
URL: https://svnweb.freebsd.org/changeset/doc/50860
Log:
Make an editing pass through the 2017Q2 report
Modified:
head/en_US.ISO8859-1/htdocs/news/status/report-2017-04-2017-06.xml
Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2017-04-2017-06.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2017-04-2017-06.xml Sun Sep 17 14:45:33 2017 (r50859)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2017-04-2017-06.xml Sun Sep 17 20:45:11 2017 (r50860)
@@ -83,6 +83,12 @@
<description>Miscellaneous</description>
</category>
+ <category>
+ <name>third</name>
+
+ <description>Third-Party Projects</description>
+ </category>
+
<project cat='proj'>
<title>64-bit Inode Numbers</title>
@@ -118,7 +124,7 @@
<body>
<p>The 64-bit inode project was completed and merged into
- &os; 12 on May 23, 2017. It extends the <tt>ino_t</tt>,
+ &os; 12 on May 23, 2017. It extends the <tt>ino_t</tt>,
<tt>dev_t</tt>, and <tt>nlink_t</tt> types to be 64-bit
integers. It modifies the <tt>struct dirent</tt> layout to
add a <tt>d_off</tt> field, increases the size of
@@ -137,10 +143,10 @@
<tt>struct stat</tt> as parameters are broken in backward- and
forward-incompatible ways.</p>
- <p>The ABI for <tt>kinfo</tt> sysctl MIBs is changed in a
+ <p>The ABI for <tt>kinfo</tt>-consuming sysctl MIBs is changed in a
backward-compatible way, but there is no general mechanism to
handle other sysctl MIBS which return structures where the
- layout has changed. It was considered that the breakage is
+ layout has changed. In our consideration, this breakage is
either in management interfaces, where we usually allow ABI
slippage, or is not important.</p>
@@ -207,8 +213,8 @@
subjects: how to create a &os; port (presented by jadawin@),
how OVH is using Finite State Machines for managing their
storage system, network high-availability with &os;, and a
- jail tutorial by means of a demonstration running 200 OSFP
- (using <tt>net/bird</tt>) routers using jail and vnets on a
+ jail tutorial by means of a demonstration running 200 OSPF
+ (using <tt>net/bird</tt>) routers using jails and vnets on a
small PC Engines APU2 system with only 4 CPU cores (1Ghz AMD)
and 4GB RAM).</p>
</body>
@@ -236,7 +242,7 @@
<body>
<p>FRRouting (FRR), a Quagga fork, is an IP routing protocol
suite for Linux and Unix platforms which includes protocol
- daemons for BGP, IS-IS, OSPF and RIP (LPD and PIM need to be
+ daemons for BGP, IS-IS, OSPF and RIP (LPD and PIM support needs to be
fixed on &os;). FRR is a Linux Foundation Collaborative
Project with contributors including 6WIND, Architecture
Technology Corporation, Big Switch Networks, Cumulus Networks,
@@ -258,6 +264,7 @@
</name>
<email>dhw at FreeBSD.org</email>
</person>
+
<person>
<name>
<given>Larry</given>
@@ -265,6 +272,7 @@
</name>
<email>ler at FreeBSD.org</email>
</person>
+
<person>
<name>
<given>Ryan</given>
@@ -272,6 +280,7 @@
</name>
<email>zi at FreeBSD.org</email>
</person>
+
<person>
<name>
<given>Eygene</given>
@@ -279,6 +288,7 @@
</name>
<email>rea at FreeBSD.org</email>
</person>
+
<person>
<name>
<given>Remko</given>
@@ -286,6 +296,7 @@
</name>
<email>remko at FreeBSD.org</email>
</person>
+
<person>
<name>
<given>Kurt</given>
@@ -300,14 +311,13 @@
</links>
<body>
- <p> Postmaster handles the mail flow for the &os;
- project.</p>
+ <p> Postmaster handles the mail flow for the &os; project.</p>
<p>Clusteradm provides us with four jails: mailman, mailarchive,
- mx1 and mx2. In addition, there is some part of the setup
+ mx1, and mx2. In addition, there is some part of the setup
running on freefall.FreeBSD.org. The system uses
- <tt>postfix</tt>, <tt>mailman</tt>, <tt>spamassassin</tt> and
- some other tools from the ports tree to handle the mailflow.
+ <tt>postfix</tt>, <tt>mailman</tt>, <tt>spamassassin</tt>, and
+ some other tools from the ports tree to handle the mail flow.
We use a very small, non-public Subversion repository for
parts of the configuration.</p>
@@ -318,7 +328,8 @@
<p>Thanks to Florian for his long service in that role! David
Wolfskill is planning to leave the role as soon as the new
team members are settled. Vsevolod Stakhov plans to provide
- us with support to integrate <tt>rspamd</tt> into the setup.</p>
+ us with support to integrate <tt>rspamd</tt> into the setup,
+ as well.</p>
<p>The workload for the Postmaster Team is not high, but the
complexity of the setup has its own demands.</p>
@@ -402,7 +413,7 @@
desired functionality.</p>
<p>LLD is now used as the default system linker for
- &os;/arm64 and can link a working kernel, modules, and
+ &os;/arm64 and can link a working kernel, kernel modules, and
userland for &os;/amd64. LLD can also link a working
kernel and modules (but not userland) for &os;/arm and
&os;/i386.</p>
@@ -411,7 +422,7 @@
as the system linker (either by fixing the port, or
configuring the port to be linked by GNU <tt>ld</tt>).</p>
- <p>For &os; 12.0 we expect to use LLD as the system linker for
+ <p>For &os; 12.0 we expect to use LLD as the system linker for
the same set of architectures that use Clang by default:
32- and 64-bit arm and x86.</p>
</body>
@@ -423,7 +434,7 @@
command line arguments as for GNU <tt>ld</tt> and
<tt>gold</tt>.</task>
- <task>Investigate remaining amd64 and arm64 port
+ <task>Investigate the remaining amd64 and arm64 port
build failures.</task>
<task>Investigate and improve LLD on i386 and arm, before
@@ -451,10 +462,10 @@
<body>
- <p>The in-tree DTC (Device Tree Compilator) was switched to use the
+ <p>The in-tree DTC (Device Tree Compiler) was switched to use the
BSD-licensed version by default. (The previous default DTC is
licensed under the GPL.) The current version supports overlays
- and is able to compile every DTS used by the &os; arm
+ and is able to compile every DTS (Device Tree Source) used by the &os; arm
releases. The ports GPL version was updated to the latest
release (1.4.4). The in-tree GPL version is still present but
the goal is to remove it before &os; 12.0.</p>
@@ -522,7 +533,7 @@
bulk build output (the "Ignored ports" portion, in
particular) and see quickly what ports are failing to build
and why. Previously, finding the exact reason why a build
- failed needed some research (<tt>portsmon</tt> only models
+ failed needed some research (<tt>portsmon</tt> only analyzes
failure messages on amd64). Additionally, it is extremely
difficult to work through several hundred logs that simply say
"failed to compile", "failed to link", and
@@ -537,7 +548,7 @@
output, I have begun reworking some existing
<tt>BROKEN</tt>/<tt>NOT_FOR</tt>/<tt>ONLY_FOR</tt> messages so
that they will sort more easily. This includes sorting the
- order of the <tt>ARCH</tt> definitions.</p>
+ order in which architectures appear in the lists.</p>
<p>Many people have been doing great work on fixing the
individual ports. I hope that my work makes their jobs
@@ -571,11 +582,11 @@
</links>
<body>
- <p>ENA (Elastic Network Adapter) is a 25G SmartNIC developed by
+ <p>The ENA (Elastic Network Adapter) is a 25G SmartNIC developed by
Annapurna Labs and is based on a custom ARMv8 chip. This is a
- high performance networking card available in the AWS offering.
+ high-performance networking card available in the AWS offerings.
It introduces enhancements in network utilization scalability
- on EC2 machines under control of various operating systems, in
+ on EC2 machines under the control of various operating systems, in
particular &os;.</p>
<p>The goal of &os; enablement is to provide top performance and
@@ -587,7 +598,7 @@
<li>hardware offloads (rx and tx checksum)</li>
- <li>admin queue</li>
+ <li>an admin queue</li>
<li>asynchronous notifications</li>
@@ -611,7 +622,7 @@
<sponsor>Annapurna Labs — an Amazon company</sponsor>
<help>
- <task>Add RSS configuration from userspace (sysctls).</task>
+ <task>Add RSS configuration from userspace (via sysctls).</task>
<task>Add support for LLQ mechanisms.</task>
</help>
@@ -640,7 +651,7 @@
<p>I'm working on a third edition of <i>Absolute &os;</i>. This
will be a nearly complete rewrite, thanks to the addition of
little details like ZFS, GPT, <tt>dma</tt>, GELI, new boot
- stuff, disk labeling, <tt>pkg(8)</tt>, <tt>blacklistd</tt>,
+ procedures, disk labeling, <tt>pkg(8)</tt>, <tt>blacklistd</tt>,
jails, etc..</p>
<p>My current (delusional) plan is to have a first draft
@@ -678,7 +689,7 @@
"layout" in use specifies how the division occurs, with
metadata operations occurring against the main server, and
bulk data operations (read/write/setattr/etc.) occurring via
- a layout-specific scheme between the client and data
+ a layout-specific scheme between the client and the data
servers.</p>
<p>My first attempt at a pNFS server using GlusterFS was a dud.
@@ -686,7 +697,7 @@
usable. This attempt that I call "Plan B", only
uses &os;, with one &os; server handling the metadata
operations and multiple &os; servers configured to serve
- data and is now ready for third party testing. If testing by
+ data, is now ready for third-party testing. If testing by
third parties goes well, I anticipate the code will be
merged into &os; head in time for &os; 12. Fairly
recent &os; or Linux systems should be usable as pNFS
@@ -701,7 +712,7 @@
<p>The patched &os; sources may now be accessed for testing
via either Subversion or download of a gzipped tarball.
- They consist of a patched kernel plus nfsd daemon and can be
+ They consist of a patched kernel and <tt>nfsd</tt> and can be
used on any &os; 11 or later system.</p>
</body>
@@ -730,8 +741,8 @@
</links>
<body>
- <p>&os; supports the Xen hypervisor, with DomU support since
- &os; 8.0 and Dom0 available since &os; 11.0. The
+ <p>&os; supports the Xen hypervisor, with DomU (guest) support since
+ &os; 8.0 and Dom0 (host) available since &os; 11.0. The
&os; Handbook was lacking instructions on how to run a Xen
host and VMs. The steps were outlined in the &os; wiki, but
needed some extra bits of text from the upstream Xen wiki in
@@ -743,7 +754,7 @@
<p>Reviewers Nikolai Lifanov, Roger Pau Monné, and Warren Block
provided valuable feedback on the initial version in
- Phabricator. Additional corrections were found by Björn
+ Phabricator. Additional corrections were made by Björn
Heidotting while translating the section into German.</p>
</body>
@@ -816,11 +827,11 @@
href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=220290">PR220290</a>)</li>
</ul>
- <p>We have created new Subversion tag (<em>4.13</em>) in order
- to follow the unstable releases (due to changes in <tt>USES=
- xfce</tt> infrastucture, and not backward compatible new API
- in <tt>xfconf</tt>). Ports following unstable release
- are:</p>
+ <p>We have created a new Subversion tag (<em>4.13</em>) in order
+ to follow the unstable releases. The separate tag was
+ necessary in order to support changes in the <tt>USES=xfce</tt>
+ infrastucture, and due to some incompatible changes to the
+ <tt>xfconf</tt> API. Ports following the unstable release are:</p>
<ul>
<li><tt>deskutils/xfce4-tumbler</tt> (0.1.92.1)</li>
@@ -888,11 +899,12 @@
merging everything in one big commit, we have been updating
the GNOME ports one at a time or in small groups. For
example, the GTK+ stack and the Evolution Suite were updated
- as groups, and all the gnome-games were done in one commit.
- It might be a bit more work preparing and testing the
- updates, but on the plus side, it easy to keep track of what
- is going on, and allows us to pay attention to the details.
- And it should be easier to commit smaller changes.</p>
+ as groups, and all the <tt>gnome-games</tt> components were
+ done in one commit. It might be a bit more work preparing
+ and testing the updates, but on the plus side, it easy to
+ keep track of what is going on, and allows us to pay
+ attention to the details. It should also make it easier to commit
+ smaller changes.</p>
<p>This quarter started with the update of GTK+ 3 to 3.22.15,
and the underlying libraries to their latest stable
@@ -925,7 +937,7 @@
Unfortunately, GDM is blocking the update because of a
"handoff" bug to the session after login.</task>
- <task>Fix the control-center printer sub menu. As a
+ <task>Fix the printer submenu in <tt>gnome-control-center</tt>. As a
workaround, <tt>system-config-printer</tt> can be used to
configure printers.</task>
@@ -973,10 +985,10 @@
learning and AI. There are official binaries for Linux, Mac,
Windows, and Android, but no official support for &os;. For
the last several months, I have done some work to make
- TensorFlow available on &os;. Some notable work:</p>
+ TensorFlow available on &os;. Some notable items include:</p>
<ul>
- <li>Patch <tt>bazel</tt> to not depend on <tt>/proc</tt> at
+ <li><tt>bazel</tt> was patched to not depend on <tt>/proc</tt> at
build time. <tt>bazel</tt> is a build tool made by Google.
It uses <tt>/proc</tt> to get path-to-self when building C++
code, but mounting <tt>/proc</tt> is usually not allowed
@@ -1016,7 +1028,7 @@
<task>Review, test, comment, and most importantly, commit to the
Ports Collection.</task>
- <task>Fix the OpenCL support on &os;.</task>
+ <task>Fix OpenCL (GPU acceleration) support on &os;.</task>
<task>Port <tt>tensorflow-serving</tt>, which is a flexible,
high-performance serving system for machine learning models
@@ -1073,8 +1085,8 @@
<p>I started looking into Ceph because the HAST solution with
CARP and <tt>ggate</tt> did not really do what I was looking
- for. But I aim to run a Ceph storage cluster of storage nodes
- that are running ZFS. User stations would be running
+ for. I aim to run a Ceph storage cluster of storage nodes
+ that are running ZFS, with user workstations running
<tt>bhyve</tt> on RBD disks that are stored in Ceph.</p>
<p>Compiling for &os; will now build most of the tools
@@ -1093,9 +1105,9 @@
<li><tt>rbd-ggate</tt> is available to create a Ceph
<tt>rdb</tt> backed device. <tt>rbd-ggate</tt> was
- submitted by Mykola Golub. That works in a rather simple
- fashion, once a cluster is functioning, with <tt>rdb
- import</tt> and <tt>rdb-gate map</tt> creating
+ submitted by Mykola Golub. It works in a rather simple
+ fashion: once a cluster is functioning, <tt>rdb
+ import</tt> and <tt>rdb-gate map</tt> are used to create
<tt>ggate</tt>-like devices backed by the Ceph cluster.</li>
</ul>
@@ -1114,9 +1126,9 @@
—only <tt>/bin/bash</tt> is there to stay.</li>
</ul>
- <p>Looking forward, the next official release of Ceph is called
+ <p>The next forthcoming official release of Ceph is called
Luminous (v12.1.0). As soon as it is available from upstream,
- a port will be made provided for &os;.</p>
+ a port will be provided for &os;.</p>
<p>To get things running on a &os; system, run <tt>pkg install
net/ceph-devel</tt> or clone <a
@@ -1129,7 +1141,7 @@
<ul>
<li>KRBD — but <tt>rbd-ggate</tt> is usable in its
- stead</li>
+ stead.</li>
<li>BlueStore — &os; and Linux have different AIO APIs,
and that incompatibility needs to be resolved somehow.
@@ -1145,7 +1157,7 @@
<task>Investigate the keystore, which can be embedded in the
kernel on Linux and currently prevents building Cephfs and
some other parts. The first question is whether it is really
- required, or only KRBD requires it.</task>
+ required, or if only KRBD requires it.</task>
<task>Scheduler information is not used at the moment, because the
schedulers work rather differently between Linux and &os;.
@@ -1159,7 +1171,7 @@
<task>Build a test cluster and start running some of the
teuthology integration tests on it. Teuthology wants to build
- its own <tt>libvirt</tt> and that does not quite work with all
+ its own <tt>libvirt</tt>, and that does not quite work with all
the packages &os; already has in place. There are many
details to work out here.</task>
@@ -1169,7 +1181,7 @@
</project>
<project cat="ports">
- <title>A New USES Macro for Porting Cargo-Based Rust Applications</title>
+ <title>A New <tt>USES</tt> Macro for Porting Cargo-Based Rust Applications</title>
<contact>
<person>
@@ -1242,24 +1254,24 @@
</contact>
<body>
- <p>Work proceeds to finalize the upstreaming process of support
- for the Marvell Armada38x platform to &os;-HEAD.</p>
+ <p>Work proceeds to finalize the process of bringing support
+ for the Marvell Armada38x platform into &os;-HEAD.</p>
- <p>The most important bits of the recent effort are:</p>
+ <p>The most important parts of the recent effort are:</p>
<ul>
<li>Add the network driver (NETA)</li>
<li>Enable coherent <tt>busdma</tt> operation for all ARMv7 SoCs</li>
- <li>Add various low-level optimisations, such as L1 cache
+ <li>Add various low-level optimizations, such as L1 cache
prefetch and MBUS quirks</li>
<li>Enable PL310 L2 cache controller</li>
<li>Add SDHCI support</li>
- <li>Fixes for the <tt>e6000sw</tt> driver and rework of its
+ <li>Fixes for the <tt>e6000sw</tt> driver and a rework of its
PHY handling</li>
<li>Support multi-port PCIe operation</li>
@@ -1293,7 +1305,7 @@
<links>
<url href="http://www.sndio.org">Sndio Homepage</url>
<url href="https://www.openbsd.org/papers/asiabsdcon2010_sndio.pdf">Sndio Paper</url>
- <url href="https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf">Comprehensive and biased comparison of OpenBSD and &os; (section 17)</url>
+ <url href="https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf">Comprehensive and Biased Comparison of OpenBSD and &os; (Section 17)</url>
</links>
<body>
@@ -1314,7 +1326,7 @@
recording through it. To that end, I submitted several patches
to various ports over the course of the last year.</p>
- <p>A short selection of ports that now support <tt>sndio</tt> in
+ <p>Here's a short selection of ports that now support <tt>sndio</tt> in
the &os; Ports Collection:</p>
<ul>
@@ -1354,7 +1366,7 @@
the Ports Collection.</task>
<task>If you maintain or use an audio-related port, consider
- checking if it includes an <tt>sndio</tt> backend and adding
+ checking whether it includes an <tt>sndio</tt> backend, and adding
an <tt>SNDIO</tt> option. Thanks to the OpenBSD developers,
several open-source projects already include one, so adding it
might be very easy to do.</task>
@@ -1382,12 +1394,12 @@
</links>
<body>
- <p>The KDE on &os; team focuses on packaging and making sure
- that the experience of KDE and Qt on &os; is as good as
+ <p>The KDE on &os; team focuses on packaging KDE and Qt, and making sure
+ that their experience on &os; is as good as
possible.</p>
<p>This quarter, in addition to the regular updates to the KDE,
- Qt and related ports, there have also been some changes behind
+ Qt, and related ports, there have also been some changes behind
the scenes: our development repository has moved to GitHub,
and &os; is now part of KDE's official continuous integration
(CI infrastructure).</p>
@@ -1409,8 +1421,8 @@
from KDE's git repositories. There is strong commitment from
upstream and the downstream KDE-&os; team to reduce the amount
of patching in the KDE ports to as little as possible. The
- first effects are being felt in expanding unittests to
- &os;-specific situations, and in extending Qt to handle &os;
+ first effects are being felt in expanding the set of unit tests to
+ include &os;-specific situations, and in extending Qt to handle &os;
filesystems better. In addition to the KDE sysadmins, we
would also like to extend our thanks to Adriaan de Groot, who
is both a KDE committer and part of our KDE on &os; team, for
@@ -1422,7 +1434,7 @@
<ul>
<li>CMake was updated to 3.8.0 and 3.8.2</li>
- <li>KDE Frameworks were updated to 5.33, 5.34 and 5.35</li>
+ <li>KDE Frameworks was updated to 5.33, 5.34 and 5.35</li>
<li>The Calligra office suite was updated to 3.0.1, the first
release in the ports tree to be based on KDE Frameworks 5,
@@ -1489,10 +1501,10 @@
non-standard PHP-configurations or describe your exotic
setups! These can be as simple as changed default versions,
like LibreSSL instead of OpenSSL or the GCC version used for
- compiling. I, for example, use always another
- PostgreSQL-version than default (and always PHP 7.1). Of
- course, this also covers options set in an non-default way or
- setups changing variables to allow for multiple PHP
+ compiling. I, for example, always use another
+ PostgreSQL-version than the default (and always PHP 7.1). Of
+ course, this also covers port options set in an non-default way or
+ setups that change variables to allow for multiple PHP
installations, etc..</p>
<p>I plan to test on all supported &os; versions, so you only
@@ -1524,7 +1536,7 @@
</contact>
<links>
- <url href="https://github.com/NuxiNL/arpc">ARPC: GRPC-Like RPC Library That Wupports File Descriptor Passing</url>
+ <url href="https://github.com/NuxiNL/arpc">ARPC: GRPC-Like RPC Library That Supports File Descriptor Passing</url>
<url href="https://github.com/NuxiNL/flower">Flower: A Label-Based Network Backplane</url>
</links>
@@ -1535,9 +1547,9 @@
<tt>connect()</tt> and <tt>sendto()</tt> are disabled. Though
we can sometimes work around this by ensuring that the
sandboxed process already possesses socket file descriptors on
- startup, this doesn't allow the destination process to be
+ startup, this does not allow the destination process to be
restarted, moved to a different network address, be load
- balanced, etc.</p>
+ balanced, etc..</p>
<p>Coming up with a solution for this is quite important for me,
as I am currently working on making CloudABI work on top of
@@ -1601,9 +1613,9 @@
<links>
<url href="https://www.FreeBSD.org/ports/">About &os; Ports</url>
- <url href="https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/ports-contributing.html">Contributing to ports</url>
+ <url href="https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/ports-contributing.html">Contributing to Ports</url>
<url href="http://portsmon.freebsd.org/index.html">&os; Ports Monitoring</url>
- <url href="https://www.freebsd.org/portmgr/index.html">Ports Management Team</url>
+ <url href="https://www.freebsd.org/portmgr/index.html">Ports Management Team Website</url>
<url href="https://twitter.com/freebsd_portmgr/">&os; portmgr on Twitter (@freebsd_portmgr)</url>
<url href="https://www.facebook.com/portmgr">&os; Ports Management Team on Facebook</url>
<url href="https://plus.google.com/communities/108335846196454338383">&os; Ports Management Team on Google+</url>
@@ -1611,7 +1623,7 @@
<body>
<p>This quarter, 2017Q2, broke the 30,000 ports landmark for the
- first time. The PR count is currently just under 2,500 with
+ first time. The PR count is currently just under 2,500, with
almost 600 of them unassigned. This quarter saw almost 7,400
commits from 171 committers. More PRs got closed this
quarter, but also more PRs got sent in, both of which are good
@@ -1637,7 +1649,7 @@
binaries using the <tt>cargo</tt> command (also covered
separately in this report).</li>
- <li><tt>groff</tt>, to handle the dependency on the
+ <li><tt>groff</tt>, to handle a dependency on the
<tt>groff</tt> document formatting system, that has been
removed from the base system for &os; 12.</li>
@@ -1749,7 +1761,7 @@
RAM.</p>
<p>The default linker on arm64 is now <tt>lld</tt>. This
- means &os; is able to build itself with just the components
+ means that &os; is able to build itself with just the components
in the base system, a big milestone!</p>
</body>
</project>
@@ -1768,7 +1780,7 @@
<url href="https://wiki.FreeBSD.org/Rust">Wiki Portal</url>
<url href="https://gist.github.com/dumbbell/b587da50ef014078da9e732a4331ebad">Guide to Bootstrap Rust on &os;</url>
<url href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=216143">Bug Report to Track Progress on Bootstrapping</url>
- <url href="https://internals.rust-lang.org/t/pre-rfc-target-extension-dealing-with-breaking-changes-at-os-level/5289">Upstream Discussion of API/ABI Breaking Changes</url>
+ <url href="https://internals.rust-lang.org/t/pre-rfc-target-extension-dealing-with-breaking-changes-at-os-level/5289">Upstream Discussion of API/ABI-Breaking Changes</url>
</links>
<body>
@@ -1861,7 +1873,7 @@
</body>
</project>
- <project cat='proj'>
+ <project cat='third'>
<title>HardenedBSD</title>
<contact>
@@ -1883,7 +1895,7 @@
</contact>
<links>
- <url href="https://hardenedbsd.org/">HardenedBSD</url>
+ <url href="https://hardenedbsd.org/">HardenedBSD Homepage</url>
<url href="http://clang.llvm.org/docs/SafeStack.html">SafeStack</url>
<url href="http://t3a73imee26zfb3d.onion/">HardenedBSD Tor Hidden Service</url>
<url href="https://github.com/HardenedBSD/hardenedBSD/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22">Projects HardenedBSD Would Like Help With</url>
@@ -1891,55 +1903,35 @@
<body>
<p>HardenedBSD is a derivative of &os; that gives special attention to
- security related enhancements and exploit-mitigation
- technologies. The project started with Address Space Layout
- Randomization (ASLR) as an initial focal point and is now
- implementing further exploit mitigation techniques.</p>
+ security-related enhancements and exploit-mitigation
+ technologies. From an initial focus on Address Space Layout
+ Randomization (ASLR), it has now branched out to explore
+ additional exploit mitigation techniques.</p>
- <p>It has been a long while since HardenedBSD's last appearance
- in a quarterly status report, with the last status report
- being from December of 2015. Accordingly, this status report
- will be a long one!</p>
+ <p>It has been a long while since HardenedBSD's last entry
+ in a quarterly status report, back in 2015Q4. The
+ intervening year saw HardenedBSD gain new developers
+ Bernard Spil and Franco Fichtner, import LibreSSL and
+ OpenNTPd into base as the default crypto library and NTP
+ client, respectively, and introduce the <tt>hbsd-update</tt>
+ binary update mechanism for the base system. The
+ <tt>secadm</tt> application got a rewrite and Trusted Path
+ Execution (TPE). PIE is now enabled for the base system for
+ arm64 and amd64 as well as the bulk of the ports tree, and the
+ ports tree also gained RELRO and BIND_NOW. Integriforce
+ (similar to NetBSD's verified exec, <tt>veriexec</tt>) was
+ introduced for the base system, as well as SafeStack, a
+ technology for protection against stack-based buffer
+ overflows that's developed by the Clang/LLVM community.
+ SafeStack relies and builds on top of Address Space Layout
+ Randomization (ASLR), and is strengthened by the presence of
+ PaX NOEXEC. Certain high-profile ports also have SafeStack
+ enabled.</p>
- <p>HardenedBSD has gained Bernard Spil and Franco Fichtner
- as developers on the project. Bernard has imported both
- LibreSSL and OpenNTPd into base. OpenNTPd and LibreSSL have
- been set as the default <tt>ntp</tt> daemon and crypto library
- respectively on HardenedBSD 12-CURRENT. Franco has given the
- ports hardening framework a much-needed refactor.</p>
+ <p>Extremely generous hardware donations from G2, Inc. have
+ provided for dedicated package building and binary update
+ servers, as well as development and test servers.</p>
- <p>We introduced a new secure binary update mechanism for the
- base system, <tt>hbsd-update</tt>. Our <tt>secadm</tt>
- application was rewritten to be made more efficient — it
- now includes a feature called Integriforce, which is similar
- in scope as NetBSD's verified exec (<tt>veriexec</tt>).
- Trusted Path Execution (TPE) was also introduced into
- <tt>secadm</tt>.</p>
-
- <p>Through extremely generous donations from G2, Inc,
- HardenedBSD has a dedicated package building server, a
- dedicated binary update publishing server, and several
- development and test servers.</p>
-
- <p>In April of 2016, we introduced full PIE support for the base
- system on arm64 and amd64. In June of 2016, we started
- shipping Integriforce rules for the base system in the binary
- updates distributed via <tt>hbsd-update</tt>. In August of
- 2016, PIE, RELRO, and BIND_NOW were enabled for the entire
- ports tree, with the exception of a number of ports that have
- one or more of those features explicitly disabled.</p>
-
- <p>In November of 2016, we introduced SafeStack into the base
- system. SafeStack is an exploit mitigation technique that
- helps protect against stack-based buffer overflows. It is
- developed by the Clang/LLVM community and is included, but not
- used, in &os;. In order to be effective, SafeStack relies and
- builds on top of Address Space Layout Randomization (ASLR).
- Additionally, SafeStack is made stronger with HardenedBSD's
- port of PaX NOEXEC. SafeStack is also enabled by default for
- a number of high-profile ports in HardenedBSD's ports
- tree.</p>
-
<p>In March of 2017, we added Control Flow Integrity (CFI) to
the base system. CFI is an exploit mitigation technique that
helps prevent attackers from modifying the behavior of a
@@ -1957,7 +1949,7 @@
all DSOs in a process. Currently only the former is
implemented, but we are working hard to enable cross-DSO CFI.
As is the case for SafeStack, cross-DSO CFI requires both ASLR
- and PaX NOEXEC in order to be effective. If the attacker
+ and PaX NOEXEC in order to be effective. If an attacker
knows the memory layout of an application, the attacker might
be able to craft a data-only attack, modifying the CFI control
data.</p>
@@ -1991,7 +1983,7 @@
<task>Integrate Cross-DSO CFI.</task>
- <task>Documentation via the HardenedBSD Handbook.</task>
+ <task>Add documentation to the HardenedBSD Handbook.</task>
<task>Start porting grsecurity's RBAC.</task>
</help>
@@ -2020,7 +2012,8 @@
<links>
<url href="https://gcc.gnu.org">GCC Homepage</url>
- <url href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=219275">Issue Tracking the Update to GCC 6</url>
+ <url
+ href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=219275">Issue Tracker Entry for the Update to GCC 6</url>
<url href="https://gcc.gnu.org/gcc-5/changes.html">GCC 5 Changelog</url>
<url href="https://gcc.gnu.org/gcc-5/porting_to.html">GCC 5 Porting Issues</url>
</links>
@@ -2028,12 +2021,13 @@
<body>
<p>The default version of GCC in the Ports Collection (the one
requested by <tt>USE_GCC=yes</tt> and various
- <tt>USES=compiler</tt> invocations) has been updated from from
+ <tt>USES=compiler</tt> invocations) has been updated from
GCC 4.9.4 to GCC 5.4.</p>
<p>This new major version brings many new capabilities and
improvements, as well as some changes that may require
- adjustments, including many new compiler warnings, significant
+ adjustments. The latter category includes many new compiler
+ warnings, significant
improvements to inter-procedural optimizations, and link-time
optimization.</p>
@@ -2052,9 +2046,9 @@
binaries.</p>
<p>This is the end of a long journey establishing this infrastructure,
- which is now similar that of the python ports, for example.
- Having the new infrastructure makes upgrading the default as
- well as locally adjusting the default version a lot
+ which is now similar that used by the python ports, for example.
+ Having the new infrastructure makes upgrading the default, as
+ well as locally adjusting the default version, a lot
easier.</p>
<p><tt>gcc8-devel</tt> has been added, and armv6hf support removed,
@@ -2153,12 +2147,12 @@
not to me. In fairness, the removal of version strings from the
FDP Primer alone is a small change in a tiny corner of the
project. Looking at it another way, it might be that some
- things that seem to be necessary are more about comfort in
+ things that seem to be necessary are more about the comfort of
familiarity than actual utility.</p>
<p>At present, this is strictly a change to the documentation
build toolchain and a single documentation book. However, there
- do not appear to be any reasons it could not be extended to the
+ do not appear to be any reason why it could not be extended to the
rest of the documents. It might even serve as tiny test of
whether the expansion of <tt>$FreeBSD$</tt> tags
is needed throughout the rest of the &os; tree.</p>
@@ -2212,7 +2206,7 @@
<p>Q2 Development Projects Summary</p>
- <p>The hard work continues into the 2nd quarter on 2017.
+ <p>Our hard work continues into the 2nd quarter on 2017.
Please take a look at the highlights from our more recent
Development Projects summaries.</p>
@@ -2252,7 +2246,7 @@
<p>The proposal submission deadline was July 14, 2017, but as
mentioned above, people are welcome to submit proposals at
- anytime.</p>
+ any time.</p>
<p>Although proposals may address any &os; subsystem or
infrastructure, we are particularly interested in receiving
@@ -2260,22 +2254,22 @@
<ul>
<li>Improvements to the security of &os; itself, or of
- applications running on &os;.</li>
+ applications running on &os;</li>
<li>New test cases, improved test infrastructure, and
- quality assurance.</li>
+ quality assurance</li>
<li>Improved software development tools.</li>
<li>Projects to improve community collaboration and
- communication.</li>
+ communication</li>
<li>Improving the &os; "out of the box" experience
- for new users on various hardware platforms.</li>
+ for new users on various hardware platforms</li>
<li>Establishing &os; as a leader in advancing projects of
shared interest (such as ZFS, LLVM, or
- <tt>libarchive</tt>).</li>
+ <tt>libarchive</tt>)</li>
</ul>
<p>More details can be found at <a
@@ -2287,7 +2281,7 @@
<p>Please do not hesitate to contact
proposals at FreeBSDfoundation.org with any questions.</p>
- <p>Announcing New Partnership Program (contributed by Deb
+ <p>Announcing the New Partnership Program (contributed by Deb
Goodkin)</p>
<p>I'm excited to announce our new FreeBSD Foundation
@@ -2324,8 +2318,8 @@
providing &os; education and training, and recruiting more
contributors to the Project. We can only provide the above
support with your donations, and we need your help to
- connect us with your companies. Please consider sharing our
- new Partnership Program with your organization and helping
+ connect us with your companies. Please consider alerting
+ your organization to our new Partnership Program and helping
to connect us with the appropriate contacts at your
company.</p>
@@ -2447,7 +2441,7 @@
assistance with travel expenses for attending conferences
related to &os; development and advocacy. Please note: the
travel grant policy has been recently updated. Please
- carefully review before submitting your application.</p>
+ carefully review it before submitting your application.</p>
<p>More information about travel grants is available at: <a
href="https://www.FreeBSDfoundation.org/what-we-do/grants/travel-grants/">https://www.FreeBSDfoundation.org/what-we-do/grants/travel-grants/</a>.</p>
@@ -2529,7 +2523,7 @@
with the Project, if not become more deeply involved.</p>
<p>The naming for the new group of non-committer Project members
- took a few tries to get right: having tried, and rejected
+ took a few tries to get right: having tried, and rejected,
"Contributor" and then "Associate", Core
took the view that since what they were offerring was formal
Project Membership, then that was the right thing to call it.
@@ -2610,7 +2604,7 @@
<li>Jordan Hubbard</li>
</ul>
- <p>It is always unsettling when one of the Project's founder
+ <p>It is always unsettling when one of the Project's founding
members decides to move on, but Jordan's interests have
migrated away from &os; related projects and he has decided to
hang up his bit once and for all.</p>
More information about the svn-doc-all
mailing list