RFC: Removing WITHOUT_CAPSICUM and WITHOUT_CASPER from 14.x

Reply: Gordon Bergling : "Re: RFC: Removing WITHOUT_CAPSICUM and WITHOUT_CASPER from 14.x"
Reply: Warner Losh : "Re: RFC: Removing WITHOUT_CAPSICUM and WITHOUT_CASPER from 14.x"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Colin Percival <cperciva_at_tarsnap.com>
Date: Thu, 16 Feb 2023 04:53:43 UTC

Hi FreeBSD architects,

I'd like to remove WITHOUT_CAPSICUM and WITHOUT_CASPER for FreeBSD 14.x.

The rationale for this is threefold:

1. They doesn't serve any useful purpose and merely weakens security;

2. They're an anomaly among WITH/WITHOUT options -- most WITHOUT_* options
take the form "don't build/install <components>" rather than having
effects across the entire tree.

3. They're a pain for release engineering, because approximately nobody ever
tests FreeBSD with WITHOUT_CAPSICUM or WITHOUT_CASPER set, but they're the
sort of option which can easily break the build due to having affects all
over the tree.

If nobody objects, my plan is to get rid of the WITHOUT_ build options first
and leave MK_{CAPSICUM,CASPER} set unconditionally to "yes"; then sweep the
tree (mostly a matter of running unifdef) after 14.x is branched.

-- 
Colin Percival
FreeBSD Deputy Release Engineer & EC2 platform maintainer
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid