Add 2017Q4 core@ entry from matthew

Benjamin Kaduk 2018-02-19 18:15:14 +00:00
parent 83ef4cef30
commit a972895fd5
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=51432

@ -451,4 +451,119 @@
<sponsor>Limelight Networks (Kevin Bowling)</sponsor>
</project>
<project cat='team'>
<title>The &os; Core Team</title>
<contact>
<person>
<name>&os; Core Team</name>
<email>core@FreeBSD.org</email>
</person>
</contact>
<body>
<p>The most significant action by Core during the final quarter of
2017 was the approval of the new Code of Conduct after a long
period of development and review. Core added a preamble to the
text emphasizing the principles behind the Code of Conduct over
detailed interpretation of the rules. The new code delegates
the handling of complaints to a Code of Conduct review board; we
are currently finalizing practical arrangements around setting
up the review board before announcing the adoption of the new
code.</p>
<p>John Hixson of iXsystems was proposed, and accepted, as the
first new Project Member under the new rules adopted earlier
this year. Core feels that John is an excellent choice as the
first member, and looks forwards to adding many other project
members in the future.</p>
<p>There have been some significant changes around the Security
Officer and secteam. Gordon Tetlow has formally taken over the
role of Security Officer from Xin Li. Xin remains an active
member of secteam, and Ed Maste has now joined secteam as well.
</p>
<p>Gordon joined Secteam at a point where they were struggling
with handling the widely publicised WPA2 vulnerability
(&os;-SA-17:07.wpa), and had an immediate impact simply by
making a public response, even though the technical fixes were
not entirely ready. Gordon's remit from Core is to examine how
Secteam operates and work out how to manage their case-load while
avoiding the problems of burn-out and overload that have impeded
Secteam's effectiveness in the past.</p>
<p>One of the key problems is that security problems are handled
in a completely separate bug handling system to general PRs.
This is unusual compared to most similar OS projects, and leads
to difficulties in bringing in available talent from amongst the
entire body of &os; developers in order to be able to share
the load and react quickly. Secteam is working with Bugmeister
to enable suitable access controls within our main Bugzilla
instance, so that we can both conform to bug embargoes and other
confidentiality requirements but also make it easy to solicit
fixes from a wider range of developers and to transition
security bugs to open handling like any other bug once there is
no more need for secrecy.</p>
<p>This quarter also saw the creation of a 10.4-RELEASE branch,
and the extension of the lifetime of 11.0-RELEASE by one month.
The former was in response to requests from a number of
prominent &os; consumers, who needed access to new
functionality but could not immediately upgrade to 11.0-RELEASE.
Releasing 10.4 permitted this without making a significant
extension to the lifetime of the 10.x release series.</p>
<p>The extension to 11.0-RELEASE EoL was a consequence of failing
to communicate the impending switch to 11.1-RELEASE in good
time. Since this was the first minor version transition under
the new release schedule, in discussion with Secteam and Release
Engineering, we concluded that a delay was necessary to allow
the userbase sufficient warning to upgrade before 11.0-RELEASE
went out of support. This was not a cost-free decision: as
Portmgr reminded us, this affected package building and delayed
implementation of some important updates.</p>
<p>&os; will be participating in Google Summer of Code again in
2018. This has become one of our most important routes for
recruiting the new, young developers vital for ensuring the
longevity of the project.</p>
<p>Pedro Giffuni proposed adopting the SPDX license tagging system
as used by many other projects, including the Linux kernel, in
order to facilitate programatic license management by downstream
consumers. Core agreed enthusiasticly.</p>
<p>Core has agreed to promote the MIPS architecture to Tier-2
status.</p>
<p>A proposal to enhance security by discontinuing HTTP or other
unencrypted channels for all &os; services was not something
Core could approve for the immediate future. While switching to
HTTPS has obvious security benefits, we would need to distribute
appropriate CA certificates as part of the base system and make
certain other changes before this could be achieved relatively
seamlessly. All &os; services are already available over
secure channels, but our documentation did not necessarily
present secure access methods as the preferred routes. Action
is being taken to address the documentation, and this question
will be revisited once the necessary groundwork is in place.</p>
<p>The <tt>fortune(6)</tt> program has long been a focus for controversy,
and previous Cores have needed to impose a lock on updates to
the fortune data files. The argument blew up again over the
re-deletion of a number of apparently pro-Nazi quotations. Core
decided that enough was enough and removed all of the fortune
data files except for <tt>FreeBSD-tips.dat</tt> from the base system.
The tacit approval of many questionable or controversial
opinions by shipping them as a part of the base system is a
liability the project simply cannot afford.</p>
<p>No new commit bits were issued during this quarter, but we did
see two former committers: Sean Eric Fagan and Wolfram
Schneider, reactivate their commit bits. One committer, Ngie
Cooper, has handed back their bit.</p>
</body>
</project>
</report>
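Review bot: several spelling and wording slips in the added core@ body should be fixed before this goes to the published report: in the SPDX paragraph `programatic` should be `programmatic` and `enthusiasticly` should be `enthusiastically`; in the Project Member paragraph `looks forwards to adding` should be `looks forward to adding`; and the closing sentence reads better as `two former committers, Sean Eric Fagan and Wolfram Schneider, reactivate their commit bits` rather than with a colon after "committers". The team name is also capitalised both ways (`secteam` in the Security Officer paragraph, `Secteam` in the following ones); pick one form throughout. In the bug-tracking paragraph, `a completely separate bug handling system to general PRs` should be `separate ... from general PRs`, and the sentence "both conform to bug embargoes ... but also make it easy" mixes "both ... and" with "but also"; "both conform to bug embargoes and other confidentiality requirements and make it easy to solicit fixes" is cleaner.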