svn commit: r303716 - head/crypto/openssh
Xin Li
delphij at delphij.net
Sun Aug 7 22:48:50 UTC 2016
On 8/7/16 14:20, Warner Losh wrote:
>
>> On Aug 7, 2016, at 3:11 PM, Andrey Chernov <ache at freebsd.org> wrote:
>>
>>> OTOH, FreeBSD has a documented deprecation process that says things will
>>> continue working for a major release after being formally deprecated.
>>
>> FreeBSD 11 is not released yet (betas are not counted), stable-10 too,
>> so it is right time to deprecate for them.
>
> Nice try, but feature freeze was months ago. Have you got buy in from the
> security officer and the release engineer?
Well, despite the fact that I have to admit that I get locked out from
my own storage box too, however (even without wearing any hat) I am for
the change and would blame myself for being lazy in adopting the change
when the upstream have announced it earlier about a year ago.
Compatibility with legacy software/hardware, sure, but if we don't stop
at some point, it would be like SSL 2.0 which people have pointed out
several flaws in 1995 and take 16 years to get deprecated and still bite
people in 2014.
We should do something like what OpenSSH have done by creating a page
describing the motivation, the impact, the temporary but discouraged
workaround, etc., and mention it in the release notes to prevent people
from being bite.
Cheers,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20160807/df6bff63/attachment.sig>
More information about the svn-src-all
mailing list