On Thu, Sep 26, 2019 at 04:29:52PM +0200, Maxime Villard wrote:
> Le 26/09/2019 à 16:22, Mouse a écrit :
> > > > > Keeping them enabled for the <1% users interested means keeping
> > > > > vulnerabilities for the >99% who don't use these features.
> > > > Are the usage numbers really that extreme? Where'd you get them? I
> > > > didn't think there were any mechanisms in place that would allow
> > > > tracking compat usage.
> > > No, there is no strict procedure to monitor compat usage, and there
> > > never will be. Maybe it's not <1%, but rather 1.5%; or maybe it's
> > > 5%, 10%, 15%.
> >
> > > Who cares, exactly?
> >
> > The short answer is "anyone who wants NetBSD to be useful".
> >
> > If it really is only a tiny fraction - under ten people, say - then,
> > sure, yank it out. If it's 90%, removing it would lose most of the
> > userbase, possibly provoke a fork. 15%, 40%, I don't think there is a
> > hard line between "pull it" and "keep it", and even if there were I'm
> > not sure it would matter because it appears nobody knows what the
> > actual use rate is anyway.
>
> What is known, however, is that 100% of the users are affected by the
> vulnerabilities. So, do we keep these things enabled by default just
> because "uh we don't know so we shouldn't do anything"? Even as it's
> already been clear that the majority doesn't use compat_linux?
Actually this is not clear. We have linux binaries in pkgsrc.
> Is it such a Herculean effort to type "modload compat_linux" for the
> people that want to use Linux binaries? In order to keep the majority
> safe from the bugs and vulnerabilities?
Maybe some of them don't even know they are using compat_linux ...
--
Manuel Bouyer <bou...@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
