On 2016/07/07 18:43, Jeremie Courreges-Anglas wrote: > Theo de Raadt <dera...@cvs.openbsd.org> writes: > > >> I don't think that getpwnam_shadow is a big concern. Fixes can be > >> applied to -stable with relatively minor churn, if needed. > > > > They are being discovered slower than I expected. Maybe there are only > > a handful left. > > > > > I don't think that 6.0 can ship with wxneeded enforced. There's just > >> too much to do, and afaik no one is trying to fix the few big ports that > >> would need it. > > > > I don't think we are tightening the enforcement. As a result, 6.0 > > is probably going out the door with "noisy reporting", and we'll collect > > information from the community. Is that a good strategy? Or should > > we silence it. > > The logs could make a serial connection temporarily unusable. That > said, I think that noisy by default would be fine, if it could be > disabled.
Theo changed it, it just goes to logs not console now, and it's restricted (iirc once per process) rather than being done for every mapping. I think the current semantics are good for the release. chrome has a check in the wrapper script so people can fairly easily learn about the wxallowed flag, the logging is noticeable but not obnoxious, and there's a relatively easy way to disable it for a program.
