HEADS UP: Audit integration into CVS in progress, some tree
disruption
Robert Watson
rwatson at FreeBSD.org
Thu Feb 2 01:17:47 GMT 2006
On Wed, 1 Feb 2006, Mike Jakubik wrote:
> Kris Kennaway wrote:
>> On Wed, Feb 01, 2006 at 07:03:31PM -0500, Mike Jakubik wrote:
>>
>>> Personally, i would like to see less "experimental" code in 6.1. Perhaps
>>> it would be better to wait until everyone feels the code is ready?
>>
>> Why do you care if code that is not enabled by default is present in the
>> system? :-)
>
> Well... While you, me, and other viewers of this list may be fully aware of
> the situation, some else who is either new to FreeBSD or missed out on this
> info may try it and possibly be disappointed. Which would ruin their
> experience and/or opinion of FreeBSD in general. I guess if it does make it
> in, it would be a good idea to clearly notify the user that it is still
> experimental, etc..
In the past, we've marked features as experimental using a man page note,
e.g., in the mac(4) man page:
NAME
mac -- Mandatory Access Control
SYNOPSIS
options MAC
...
BUGS
See mac(9) concerning appropriateness for production use. The TrustedBSD
MAC Framework is considered experimental in FreeBSD.
And as such in the release notes. However, maybe we could add the following
also:
- Dependence on defining "options EXPERIMENTAL" in the kernel configuration
file -- if the kernel isn't compiled with the EXPERIMENTAL option, a compile
error warning that it needs to be defined will be generated.
- When a kernel is configured with an experimental feature, config generates a
warning, similar to the ones it currently generates about GPL'd components,
etc.
And we should make sure there is a note in the handbook section as well.
Robert N M Watson
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-audit" in the body of the message
More information about the trustedbsd-audit
mailing list