On 23 Feb 2026, at 21:43, Greg 'groggy' Lehey wrote:
I'm really quite concerned about the plans to remove lpd. I
understand that there are security issues with lpd, even if I haven't
heard any reports of exploits in over a third of a century, but the
approach seems wrong to me. If we follow this direction, we can pare
down FreeBSD to a bare minimum (the kernel and what else?).
So what should be done? I'm explicitly copying core@ on this, though
I assume that you have all been following things. But this is a basic
issue for the project, so core@ (and not srcmgr@) should have a
position on this.
I understand that des no longer feels interested in maintaining lpd or
fixing its apparently numerous bugs. But there are alternatives:
1. Find somebody who *is* interested. I haven't seen anything on the
mailing lists asking for this. Why not?
2. Take the corresponding code from another BSD, like we have done in
the past. des tells us, without details, that the OpenBSD code
has the same bugs. I've asked numerous times, but nobody has told
me whether they have spoken with the OpenBSD project about it.
And what about NetBSD or DragonflyBSD?
3. Make it a shared project amongst BSDs, like make(1).
Hmm. I seem to be out of some loop here.
First let me apologize for not following much of anything in FreeBSD in
the past 2-3 weeks. We (RPI) had a major screwup with our VM cluster a
few weeks ago, which triggered an abrupt reboot of many of our virtual
machines, required a reboot of all our virtual machines to alleviate
some dangers, and is now requiring a second reboot of all our virtual
machines because the first fix was incomplete so we now need to fix the
fix.
I'm still in the middle of the second round of reboots, but I'll try
catch up on the mailing lists and comment further later today. It might
not be today because I'm still caught up in the cycle of reboots at
work. This week is spring break for us so usually I'd have a lot of
spare time, but this spring break has busy.
Also, I went to do a minor macOS upgrade on my main PGP-capable mac last
week, and instead that mac was upgraded two major versions of macOS.
When I went to post this, I find that PGP isn't working for me anymore.
I don't use PGP much, but I know it was working fine back in the end of
January. But you can trust it's me. Who else would willingly *want* to
admit that they have something to do with `lpd`?
--
Garance Alistair Drosehn = [email protected]
Lead Developer @rpi and [email protected]
Rensselaer Polytechnic Institute; Troy, NY; USA
