svn commit: r51432 - head/en_US.ISO8859-1/htdocs/news/status

Benjamin Kaduk bjk at
Mon Feb 19 18:15:15 UTC 2018

Author: bjk
Date: Mon Feb 19 18:15:14 2018
New Revision: 51432

  Add 2017Q4 core@ entry from matthew


Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2017-10-2017-12.xml
--- head/en_US.ISO8859-1/htdocs/news/status/report-2017-10-2017-12.xml	Mon Feb 19 17:00:06 2018	(r51431)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2017-10-2017-12.xml	Mon Feb 19 18:15:14 2018	(r51432)
@@ -451,4 +451,119 @@
     <sponsor>Limelight Networks (Kevin Bowling)</sponsor>
+  <project cat='team'>
+    <title>The &os; Core Team</title>
+    <contact>
+      <person>
+	<name>&os; Core Team</name>
+	<email>core at</email>
+      </person>
+    </contact>
+    <body>
+      <p>The most significant action by Core during the final quarter of
+	2017 was the approval of the new Code of Conduct after a long
+	period of development and review.  Core added a preamble to the
+	text emphasizing the principles behind the Code of Conduct over
+	detailed interpretation of the rules.  The new code delegates
+	the handling of complaints to a Code of Conduct review board; we
+	are currently finalizing practical arrangements around setting
+	up the review board before announcing the adoption of the new
+	code.</p>
+      <p>John Hixson of iXsystems was proposed, and accepted, as the
+	first new Project Member under the new rules adopted earlier
+	this year.  Core feels that John is an excellent choice as the
+	first member, and looks forwards to adding many other project
+	members in the future.</p>
+      <p>There have been some significant changes around the Security
+	Officer and secteam.  Gordon Tetlow has formally taken over the
+	role of Security Officer from Xin Li.  Xin remains an active
+	member of secteam, and Ed Maste has now joined secteam as well.
+	</p>
+      <p>Gordon joined Secteam at a point where they were struggling
+	with handling the widely publicised WPA2 vulnerability
+	(&os;-SA-17:07.wpa), and had an immediate impact simply by
+	making a public response, even though the technical fixes were
+	not entirely ready.  Gordon's remit from Core is to examine how
+	Secteam operates and work out how to manage their case-load while
+	avoiding the problems of burn-out and overload that have impeded
+	Secteam's effectiveness in the past.</p>
+      <p>One of the key problems is that security problems are handled
+	in a completely separate bug handling system to general PRs.
+	This is unusual compared to most similar OS projects, and leads
+	to difficulties in bringing in available talent from amongst the
+	entire body of &os; developers in order to be able to share
+	the load and react quickly.  Secteam is working with Bugmeister
+	to enable suitable access controls within our main Bugzilla
+	instance, so that we can both conform to bug embargoes and other
+	confidentiality requirements but also make it easy to solicit
+	fixes from a wider range of developers and to transition
+	security bugs to open handling like any other bug once there is
+	no more need for secrecy.</p>
+      <p>This quarter also saw the creation of a 10.4-RELEASE branch,
+	and the extension of the lifetime of 11.0-RELEASE by one month.
+	The former was in response to requests from a number of
+	prominent &os; consumers, who needed access to new
+	functionality but could not immediately upgrade to 11.0-RELEASE.
+	Releasing 10.4 permitted this without making a significant
+	extension to the lifetime of the 10.x release series.</p>
+      <p>The extension to 11.0-RELEASE EoL was a consequence of failing
+	to communicate the impending switch to 11.1-RELEASE in good
+	time.  Since this was the first minor version transition under
+	the new release schedule, in discussion with Secteam and Release
+	Engineering, we concluded that a delay was necessary to allow
+	the userbase sufficient warning to upgrade before 11.0-RELEASE
+	went out of support.  This was not a cost-free decision: as
+	Portmgr reminded us, this affected package building and delayed
+	implementation of some important updates.</p>
+      <p>&os; will be participating in Google Summer of Code again in
+	2018.  This has become one of our most important routes for
+	recruiting the new, young developers vital for ensuring the
+	longevity of the project.</p>
+      <p>Pedro Giffuni proposed adopting the SPDX license tagging system
+	as used by many other projects, including the Linux kernel, in
+	order to facilitate programatic license management by downstream
+	consumers.  Core agreed enthusiasticly.</p>
+      <p>Core has agreed to promote the MIPS architecture to Tier-2
+	status.</p>
+      <p>A proposal to enhance security by discontinuing HTTP or other
+	unencrypted channels for all &os; services was not something
+	Core could approve for the immediate future.  While switching to
+	HTTPS has obvious security benefits, we would need to distribute
+	appropriate CA certificates as part of the base system and make
+	certain other changes before this could be achieved relatively
+	seamlessly.  All &os; services are already available over
+	secure channels, but our documentation did not necessarily
+	present secure access methods as the preferred routes.  Action
+	is being taken to address the documentation, and this question
+	will be revisited once the necessary groundwork is in place.</p>
+      <p>The <tt>fortune(6)</tt> program has long been a focus for controversy,
+	and previous Cores have needed to impose a lock on updates to
+	the fortune data files.  The argument blew up again over the
+	re-deletion of a number of apparently pro-Nazi quotations.  Core
+	decided that enough was enough and removed all of the fortune
+	data files except for <tt>FreeBSD-tips.dat</tt> from the base system.
+	The tacit approval of many questionable or controversial
+	opinions by shipping them as a part of the base system is a
+	liability the project simply cannot afford.</p>
+      <p>No new commit bits were issued during this quarter, but we did
+	see two former committers: Sean Eric Fagan and Wolfram
+	Schneider, reactivate their commit bits.  One committer, Ngie
+	Cooper, has handed back their bit.</p>
+    </body>
+  </project>
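Review bot: Two misspellings in the SPDX paragraph should be fixed before this is published: "programatic" should be "programmatic" and "enthusiasticly" should be "enthusiastically". In the Project Member paragraph, "looks forwards to" reads better as "looks forward to". The team name appears as both "secteam" and "Secteam" in adjacent paragraphs; pick one spelling and use it throughout the entry. In the final paragraph the list of names opens with a colon and closes with a comma ("two former committers: Sean Eric Fagan and Wolfram Schneider, reactivate"); set the names off with a matching pair of commas instead. The Security Officer paragraph is the only one whose closing </p> sits on a line of its own; pull it up onto the last text line to match the rest of the entry.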
