Mailinglist Archive: opensuse-factory (633 mails)

< Previous Next >
Re: [opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?
On 1/31/19 2:52 PM, Jim E Bonfiglio wrote:
Hi Jeff- have data been gathered regarding these file systems which the
"vast majority of users" use? If so, where might I find these data?
Does SUSE or anyone else gather these data regarding users of
(open)SUSE? If so, how are these data gathered?


Best, Jim



On Thu, 2019-01-31 at 14:43 -0500, Jeff Mahoney wrote:
On 1/31/19 1:42 PM, Jim E Bonfiglio wrote:
Hi Jim- so far as I'm aware, thinking does not necessarily match
reality. I couldn't tell you how many attend that conference, but I
do
wonder what a representative sample of (open)SUSE users would
report as
"necessary" file systems. Without such a sample this proposed
change
appears quite reckless.


Best, Jim


On Thu, 2019-01-31 at 16:45 +0000, Jim Henderson wrote:
On Thu, 31 Jan 2019 04:37:08 -0500, Felix Miata wrote:

And yet there are enough to manage to have an annual
convention:
http://www.warpstock.org/

I don't have a horse in this race, but going to the site for the
Berlin
2018 conference doesn't make me think that this affects thousands
of
users. It makes me think it affects about 20. Small conference
rooms, a
relatively small lunch gathering. Makes me wonder what the
actual
attendance is.

The solution is simple - remove the filesystem from the
blacklist. Seems
like a really easy thing to do for something that's used by 20
people.

It's not like the filesystem module is not being built or
included.

In terms of local file systems, the vast majority of users use:
ext2/3/4, xfs, btrfs, and reiserfs[1]. OCFS2 and GFS2 are common
enough
that I wouldn't want to blacklist them. JFS saw some use in the past
but it was never particularly popular since it was the disk format
used
by OS/2 and not the AIX version. My opinions on it aren't
new[2]. The
rest are for compatibility with now-ancient or otherwise uncommon
OSes,
for pure flash (ie: without an FTL) media, or have other maintenance
issues (f2fs). Are there users out there for any of these? I'm sure
there are a handful. I just don't think it's worth leaving the
attack
surface open for the vast majority of users to accommodate a few --
especially if we can minimize the impact on the few.

Now that I look at it again, the list was composed using the file
systems we build on SLE15. There are two others that should be
added:
omfs
ntfs[3]

-Jeff

[1] I expect this will go on the blacklist at some point in the
future
as I'm the last person to do any real work on it and I have other
priorities that take precedence.
[2]
https://sourceforge.net/p/jfs/mailman/jfs-discussion/thread/fpps5p$g2t$2@xxxxxxxxxxxxxxxx/
-- I'm assuming the staff member was me in this case. Dave also says
that he tries to fix bugs but the hard ones go unfixed. This was 11
years ago.
[3] Not that NTFS isn't widely used; Just that the only attention
that
the ntfs kernel module has has seen since 2007 has been for tree-wide
cleanups and API changes. Use ntfs-3g instead.

Please observe the list convention and refrain from top-posting.

We don't have specific data because we don't do install tracking beyond
the standard http logs which don't yield anything more concrete than the
number of unique users who downloaded a package. If you'd like to
propose deeper, more fine-grained statistics, you're welcome to lead
that discussion. This is anecdata based on experience. I've been a
contributing member of the Linux file system community for 19 years and
have led the SUSE kernel file system team for the last 12. All software
has bugs and the lack of bug reports for e.g. befs doesn't mean that
it's perfect. It means so few people use it that they're not hitting any.

Mailing list activity may also be decent metric of activity and
popularity. The btrfs list had 12600 message last year and 897 messages
since 1 January 2019. The XFS last had 10200 message last year and 571
since the start of 2019. I don't keep an archive of the ext4 list, but
some screen scraping says about 4700 messages last year and 330 message
this year so far. I wouldn't use these numbers to /rank/ popularity,
but they're sufficient to show that the communities are still active.

In contrast, the JFS list had 229 messages last year, most of which were
courtesy CC's for tree-wide API changes. ReiserFS had even fewer, but
it was our default file system for several years (and, as I said, it'll
be added eventually).

In terms of commit activity, qnx6 has been largely untouched since it's
initial commit in 2012. The last time the qnx4 maintainer committed
code he wrote was in 2009 and that was to remove write support entirely.
All changes since then have been janitor-style changes. The last
substantial changes to adfs were in 2011. I know HFS is unmaintained
because I saw a CVE relating to it show up this year and everyone shrugged.

The list reflects reality and the blacklist is the most user-friendly
solution to shrink the attack surface while allowing flexibility of
deployment.

-Jeff

--
Jeff Mahoney
SUSE Labs
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >