Le 23/03/2020 à 04:07, Roy Marples a écrit : > On 22/03/2020 08:30, Maxime Villard wrote: >> Overall "From OpenBSD" is a redflag for buggy and vulnerable code.. > > We should be above this, no software is perfect, not even ours. > > Roy
You seem to be confusing one-off defects and structural deficiencies. That a plane crashes because of one slightly malformed screw, is a one-off defect. Yes, sh*t happens, that's statistical, and in the order of things. That a plane crashes because pilots have trained on a faulty simulator, are faced with incomplete emergency manuals, that don't document the faulty flight computer about to bring the plane down, itself installed to work around the plane's faulty airframe, is a big redflag for structural deficiencies. In that you could as well fix the simulator, fix the manuals, fix the computer, fix the airframe, that there would still be a consistent way for the plane to crash, because it is just so structurally deficient, that no one could honestly put any kind of trust in it. Damn, I love this analogy. Anyway, to come back to the point, I have come to notice that several organizations (very big ones sometimes...) produce code that is very close to structurally deficient, and that's a source of concern for our QA when that code gets imported. In the case of OpenBSD I don't know if it is recent or if it has always been like this, I would tend to think the latter. So yeah big redflag when I see a "from ...", that's an indication that the area needs attention. In all cases, these specific issues with if_umb are not urgent, because the driver is disabled by default in NetBSD. Interesting technical challenge though, if someone is interested! Maxime