Add core entry from matthew

This commit is contained in:
Benjamin Kaduk 2016-10-24 03:58:13 +00:00
parent c8affa5af8
commit f405f08745
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=49562


@ -1242,4 +1242,120 @@
</body>
</project>
<project cat='team'>
<title>The &os; Core Team</title>
<contact>
<person>
<name>&os; Core Team</name>
<email>core@FreeBSD.org</email>
</person>
</contact>
<body>
<p>The third quarter started with the handover to the ninth Core
team as it took office. With four members returning from the
previous core (Baptiste Daroussin, Ed Maste, George Neville-Neil
and Hiroki Sato); one returning member after a term away (John
Baldwin) and four members new to core (Allan Jude, Kris Moore,
Benedict Reuschling and Benno Rice) the new core team represents
just about the ideal balance between experience and fresh
blood.</p>
<p>Beyond handing over all of the ongoing business, reviewing
everything on Core's agenda and other routine changeover
activities, the first action of the new core was to respond to a
query from Craig Rodrigues concerning how hardware supplied to the
project through donations to the &os; Foundation was being
used.</p>
<p>The Foundation does keep records of what hardware has been
supplied over time and has some idea of the original purpose that
hardware was provisioned for, but does not track the current usage
of the project's hardware assets. Cluster administration keep
their own configuration database, but this is not suitable for
general publication and covers much more than Foundation supplied
equipment. After some discussion it was decided that updated
information about the current disposition of Foundation supplied
equipment should be incorporated in the Foundation's annual
report.</p>
<p>Ensuring that all of the &os; code base is supplied under open
and unencumbered licensing terms and that we do not infringe on
patent terms or otherwise act counter to any legal requirements
are some of Core's primary concerns. During this quarter, there
were three items of this nature.</p>
<ul>
<li>Importing Concurrency Kit. In consultation with the
Foundation's legal counsel, it was determined that the relevant
patents on the 'Read Copy Update' synchronization mechanisms
have expired, and consequently the import of selected parts of
concurrency kit was approved.</li>
<li>The proposal to create a shadow GPLv3 toolchain repository
was put to the community. Ultimately the whole idea has been
rendered largely redundant by faster than anticipated progress
at integrating the latest LLVM toolchain on most of the
interesting system architectures. The goal of a GPL-free base
system is within our grasp.</li>
<li>Reports that GPL code has been pasted into linuxkpi sources
are under investigation. Core would like to stress that great
care must be taken to avoid inadvertent license infringement,
especially when implementing hardware interfaces or similar
where there is limited scope to invent new constants or
otherwise make it clear this is a novel implementation.</li>
</ul>
<p>Work on LLVM has thrown up problems with the presence of
certain pre-compiled binary-only drivers as part of the GENERIC
kernel. Core has adopted the policy that such binary-only code
should be moved to loadable modules and that the GENERIC kernel
must be compiled entirely from original sources.</p>
<p>The item that has absorbed the largest portion of Core's
attention this quarter concerns the project's handling of security
vulnerabilities in bspatch(1), libarchive(3), FreeBSD-update(8)
and portsnap(8). A partial fix was applied in
&os;-SA-16:25.bspatch but this lacks fixes to libarchive code
that were not yet available from upstream.</p>
<p>SecTeam receives privileged early reports of many
vulnerabilities and consequently has a strict policy of not
commenting publicly until an advisory and patches have been
published. Early access to information about vulnerabilities is
contingent on their ability to avoid premature disclosure, and
without such, they could not have security advisories and
patches ready to go immediately the vulnerability is
published.</p>
<p>However, in this case, vulnerabilities were already public and
the lack of any official response from the &os; project was
leading to concern amongst users and some critical press coverage.
Core stepped in and published a statement clarifying the situation
and the particular difficulties involved in securely modifying the
mechanisms used to deliver security patches. Core believes that
prompt notification and discussion of the implications and
possible workarounds to any <i>public</i> vulnerability should not wait
on the availability of formal OS patches.</p>
<p>The OpenSSH project has deprecated DSA keys upstream. &os; had
kept DSA keys enabled in the later 10.x releases for compatibility
reasons, but with the release of 11.0 the time has come to
synchronise again with upstream. Since there are numerous DSA
keys in use in the &os; cluster this has necessitated an
exercise to get replacement keys installed. Core would like to
thank David Wolfskill and the accounts team for handling the surge
in key changes with a great deal of aplomb.</p>
<p>During this quarter we welcomed Michael Zhilin, Imre Vadasz,
Steve Kiernan and Toomas Soome as new source committers. Over the
same period, we said farewell to Martin Wilke and Erwin Lansing
who have handed in their commit bits. We wish them well in their
future endeavours and hope to see them return as soon as they
can.</p>
</body>
</project>
</report>
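Review bot: In the paragraph on the bspatch vulnerabilities, "FreeBSD-update(8)" should read "freebsd-update(8)"; the utility's name is lowercase, as with the neighbouring "bspatch(1)", "libarchive(3)" and "portsnap(8)" references. Two paragraphs later, "Core stepped in and published a statement" gives readers no way to find that statement, so a link to it, and to the &os;-SA-16:25.bspatch advisory where it is first mentioned, would make the entry more useful. Minor style points: the Concurrency Kit list item opens with "Concurrency Kit" but ends with "concurrency kit", and the first paragraph puts a semicolon after "Hiroki Sato)" in a list that otherwise continues with "and".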