Le 26/09/2019 à 16:22, Mouse a écrit :
Keeping them enabled for the <1% users interested means keeping
vulnerabilities for the >99% who don't use these features.
Are the usage numbers really that extreme? Where'd you get them? I
didn't think there were any mechanisms in place that would allow
tracking compat usage.
No, there is no strict procedure to monitor compat usage, and there
never will be. Maybe it's not <1%, but rather 1.5%; or maybe it's
5%, 10%, 15%.
Who cares, exactly?
The short answer is "anyone who wants NetBSD to be useful".
If it really is only a tiny fraction - under ten people, say - then,
sure, yank it out. If it's 90%, removing it would lose most of the
userbase, possibly provoke a fork. 15%, 40%, I don't think there is a
hard line between "pull it" and "keep it", and even if there were I'm
not sure it would matter because it appears nobody knows what the
actual use rate is anyway.
What is known, however, is that 100% of the users are affected by the
vulnerabilities. So, do we keep these things enabled by default just
because "uh we don't know so we shouldn't do anything"? Even as it's
already been clear that the majority doesn't use compat_linux?