Hello. The point I was trying to make is that if you break COMPAT_FREEBSD by taking it out of the GENERIC kernel, you lose the ability to manage the twa(4) or twe(4) cards through the OS unless you recompile a kernel with COMPAT_FREEBSD back in. (Having an auto-loading module seems like it misses the point of enhancing security to me.) New users with these cards might not then wish to use NetBSD with these cards simply because they don't want to go to the trouble of compiling a special kernel. We, as a NetBSD community, may have then lost those users, which I would see as unfortunate.
-Brian

On Feb 13, 9:25pm, Eric Haszlakiewicz wrote:
} Subject: Re: Removal of compat-FreeBSD
} On February 13, 2015 6:46:52 PM EST, Brian Buhrow <[email protected]> wrote:
} > If you are going to disable COMPAT_FREEBSD in GENERIC kernels, then
} >you probably also need to disable twe(4) and twa(4) as well. I would not
} >be in favor of this. Several people have written saying they use tw_cli.
} >I've not written, but I too use tw_cli to manage 3ware cards under
} >NetBSD.
}
} That's not at all the same. Code that can get triggered by an arbitrary executable has a very different attack surface than device drivers that won't be used if you don't have one of those devices in your system.
} I'm all for trimming things down, but I don't think it's valid to claim that removing COMPAT_FREEBSD implies the need to remove anything else.
}
} Eric
}
} >-- End of excerpt from Eric Haszlakiewicz
