On Apr 13, 2013, at 12:33 AM, Rui Paulo <rpa...@freebsd.org> wrote: > On 2013/04/12, at 22:31, Scott Long <sco...@samsco.org> wrote: > >> On Apr 12, 2013, at 7:43 PM, Rui Paulo <rpa...@freebsd.org> wrote: >> >>> On 2013/04/11, at 13:18, Gleb Smirnoff <gleb...@freebsd.org> wrote: >>> >>>> Lack of maintainer in a near future would lead to bitrot due to changes >>>> in other areas of network stack, kernel APIs, etc. This already happens, >>>> many changes during 10.0-CURRENT cycle were only compile tested wrt >>>> ipfilter. If we fail to find maintainer, then a correct decision would be >>>> to remove ipfilter(4) from the base system before 10.0-RELEASE. >>> >>> This has been discussed in the past. Every time someone came up and said >>> "I'm still using ipfilter!" and the idea to remove it dies with it. >>> I've been saying we should remove it for 4 years now. Not only it's >>> outdated but it also doesn't not fit well in the FreeBSD roadmap. Then >>> there's the question of maintainability. We gave the author a commit bit so >>> that he could maintain it. That doesn't happen anymore and it sounds like >>> he has since moved away from FreeBSD. I cannot find any reason to burden >>> another FreeBSD developer with maintaining ipfilter. >>> >> >> One thing that FreeBSD is bad about (and this really applies to many open >> source projects) when deprecating something is that the developer and >> release engineering groups rarely provide adequate, if any, tools to help >> users transition and cope with the deprecation. The fear of deprecation can >> be largely overcome by giving these users a clear and comprehensive path >> forward. Just announcing "ipfilter is going away. EOM" is inadequate and >> leads to completely justified complaints from users. > > I agree with the deprecation path, but given the amount of changes that > happened in the last 6 months, I'm not even sure ipfilter is working fine in > FreeBSD CURRENT, but I haven't tested it. >
You target audience for this isn't people who track CURRENT, it's people who are on 7, 8, or 9 and looking to update to 10.x sometime in the future. >> So with that said, would it be possible to write some tutorials on how to >> migrate an ipfilter installation to pf? Maybe some mechanical syntax docs >> accompanied by a few case studies? Is it possible for a script to automate >> some of the common mechanical changes? Also essential is a clear document >> on what goes away with ipfilter and what is gained with pf. Once those >> tools are written, I suggest announcing that ipfilter is available but >> deprecated/unsupported in FreeBSD 10, and will be removed from FreeBSD 11. >> Certain people will still pitch a fit about it departing, but if the tools >> are there to help the common users, you'll be successful in winning >> mindshare and general support. > > > It's not very difficult to switch an ipf.conf/ipnat.conf to a pf.conf, but > I'm not sure automated tools exist. I'm also not convinced we need to write > them and I think the issue can be deal with by writing a bunch of examples on > how to do it manually. Then we can give people 1y to switch. > Please believe me that no matter how trivial you think the switch is, a migration guide still needs to be written. Scott \ _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
