lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <658523650c342e7ffd2fcc136ac950baca6cf565.camel@redhat.com>
Date: Mon, 18 Mar 2024 11:36:09 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Lynne <dev@...ne.ee>, Netdev <netdev@...r.kernel.org>
Cc: Kuniyu <kuniyu@...zon.com>, Willemdebruijn Kernel
	 <willemdebruijn.kernel@...il.com>
Subject: Re: Regarding UDP-Lite deprecation and removal

On Sun, 2024-03-17 at 01:34 +0100, Lynne wrote:
> UDP-Lite was scheduled to be removed in 2025 in commit
> be28c14ac8bbe1ff due to a lack of real-world users, and
> a long-outstanding security bug being left undiscovered.
> 
> I would like to open a discussion to perhaps either avoid this,
> or delay it, conditionally.

I'm not very familiar to the deprecation process, but I guess this kind
of feedback is the sort of thing that could achieve delaying or avoid
the deprecation.

What will help more IMHO is someone stepping in to actually maintain
the protocol. It should not be an high load activity, but a few things
would be required: e.g. writing self-tests and ensuring that 3rd party
changes would not break it. And reviewing patches - but given the
protocol history that would probably be once in a lifetime.

Cheers,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ