From Newsgroup: muc.lists.freebsd.stable


--CwEx6avFF2kTSAjq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I'm really quite concerned about the plans to remove lpd. I
understand that there are security issues with lpd, even if I haven't
heard any reports of exploits in over a third of a century, but the
approach seems wrong to me. If we follow this direction, we can pare
down FreeBSD to a bare minimum (the kernel and what else?).

So what should be done? I'm explicitly copying core@ on this, though
I assume that you have all been following things. But this is a basic
issue for the project, so core@ (and not srcmgr@) should have a
position on this.

I understand that des no longer feels interested in maintaining lpd or
fixing its apparently numerous bugs. But there are alternatives:

1. Find somebody who *is* interested. I haven't seen anything on the
mailing lists asking for this. Why not?

2. Take the corresponding code from another BSD, like we have done in
the past. des tells us, without details, that the OpenBSD code
has the same bugs. I've asked numerous times, but nobody has told
me whether they have spoken with the OpenBSD project about it.
And what about NetBSD or DragonflyBSD?

3. Make it a shared project amongst BSDs, like make(1).

What seems completely wrong to me is to outsource it to a port,
especially one that is unmaintained, has a GPL license and has
conflicts with existing installations.

I've been investigating LPRng in more detail, and the more I look, the
worse it gets:

1. From the Makefile:

LICENSE= ART10 GPLv2

I thought that was supposed *not* to be GPL.

2. Also in the Makefile:

CONFLICTS= cups-base-1.[2-9]*

So many ports have CUPS as a dependency that this makes it
effectively a no-no. I was going to build the port to see what it
was like, but this makes it almost impossible. I haven't found
any of my systems without CUPS. So to answer des' initial
question: no, it is by no means a drop-in replacement for base
lpd.

3. When I tried to build (and before it refused), I got:

The LPRng port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

Since when do we rely on unmaintained ports?

FWIW, trying to install the package doesn't complain, though it would
overwrite a number of files. This looks like a bug in the package to
me.

That's about as far as I went with LPRng. On the face of it, CUPS
would make more sense, though I've had nothing but trouble with it.
At least it doesn't require the GPL. But I still find reliance on
*any* port to be wrong.

Greg
--
Sent from my desktop computer.
See complete headers for address and phone numbers.
This message is digitally signed. If your Microsoft mail program
reports problems, please read http://lemis.com/broken-MUA.php

--CwEx6avFF2kTSAjq
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSaG4ICvM64RvkvCawi5vKQUHpCIwUCaZ0QPwAKCRAi5vKQUHpC I7BnAKCAJnIJrcdU80/hvGdbfRDNRtvwCACdEXYzemw/22l4TZ6ul4Z/PVceNRo=
=PotH
-----END PGP SIGNATURE-----

--CwEx6avFF2kTSAjq--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

On 02/23/2026 8:43 PM CST Greg 'groggy' Lehey <grog@freebsd.org> wrote:

I've asked numerous times, but nobody has told me whether they
have spoken with the OpenBSD project about it. And what about
NetBSD or DragonflyBSD?

Have _you_ spoken to them?

So, where are all these magical entities who are supposed to do
the boring daily grindy work like this? Have they ascended to
another plane, or are they just tired, old, people like me?

mcl


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable


--KXCw5CU1qGddHMG/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Monday, 23 February 2026 at 20:55:27 -0600, Mark Linimon wrote:

On 02/23/2026 8:43 PM CST Greg 'groggy' Lehey <grog@freebsd.org> wrote:

I've asked numerous times, but nobody has told me whether they
have spoken with the OpenBSD project about it. And what about
NetBSD or DragonflyBSD?

Have _you_ spoken to them?

Not yet. First I wanted to understand what has happened so far. But
I certainly will do so if nobody else has.

So, where are all these magical entities who are supposed to do the
boring daily grindy work like this?

They're collectively called the FreeBSD project. That was point 1 of
my message. I'm well aware of manpower limitations, thust the order
of my suggestions.

Have they ascended to another plane, or are they just tired, old,
people like me?

... or me. Most are younger than you or I are. And yes, the project demographic is changing, but that's for a different rant.

Greg
--
Sent from my desktop computer.
See complete headers for address and phone numbers.
This message is digitally signed. If your Microsoft mail program
reports problems, please read http://lemis.com/broken-MUA.php

--KXCw5CU1qGddHMG/
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSaG4ICvM64RvkvCawi5vKQUHpCIwUCaZ0WpgAKCRAi5vKQUHpC I2jJAJ9T4IbBUpq+ri7XfOnlIoaRBStRRQCfUrx06gCqJwoZOr+scyI52klcRvM=
=Nj6x
-----END PGP SIGNATURE-----

--KXCw5CU1qGddHMG/--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

--=_704475ec7db937be31238c23429e56dd
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
format=flowed

On 2026-02-23 18:55, Mark Linimon wrote:

On 02/23/2026 8:43 PM CST Greg 'groggy' Lehey <grog@freebsd.org> wrote:

I've asked numerous times, but nobody has told me whether they
have spoken with the OpenBSD project about it. And what about
NetBSD or DragonflyBSD?

Have _you_ spoken to them?

So, where are all these magical entities who are supposed to do
the boring daily grindy work like this? Have they ascended to
another plane, or are they just tired, old, people like me?

In this "old mans" humble opinion, Greg had a perfectly reasonable
concern. Being tired and grumpy has nothing to do with it.

If push comes to shove. This grumpy old man will take over the lpd source,
or find a suitable arrangement.

Des, can I get a copy of your work?

Greg, thanks for writing the complete BSD book. I still have it! :)
FreeBSD would not be what it is today, without it.

mcl

--Chris
--=_704475ec7db937be31238c23429e56dd
Content-Transfer-Encoding: 7bit
Content-Type: application/pgp-keys;
name=0xE512722F.asc
Content-Disposition: attachment;
filename=0xE512722F.asc;
size=3074

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGf/G0IBCADARuJc6IcwOe3jv7dQsP1X/EIHvCFExPbTmlMNFMXbMMccQUnV o8ayEn+wmTvPhw7uL3PDk7DQs16W1sN2b8UMFc804cVWNGtoG3rA+Np+TFEYlXJx eh5Q42VHptkuwzHKl+q2utkpRlS7uHyfjsInQAoHxLyi/wrsaZTHHhDbLLhJ5Ez0 arohQ2Q1w0M5e9rW8Fy5rpC7RpC6uO1SZMxcbdqURI/BBqxbiD1iW62cDWFkfFX+ dtaEXghFV7BIBMDSrgIunGoEfdMZgXys7O6bPWn8z0cuOZIPj4HrjoCYARyQ+sdc rjz/k06SLM/UvEZDorJhT4DbYrwMNvaPWJiPABEBAAG0HkNocmlzIDxic2QtbGlz dHNAYnNkZm9yZ2UuY29tPokBNQQQAQgAHwUCZ/8bQgYLCQcIAwIEFQgKAgMWAgEC GQECGwMCHgEACgkQVKBqaOUSci8bSwf/fK3QcTYXRMrv82HIp4SiGCSD7/bRmyWr ipv2vzknGFHxPBN4AEWIqF/U4j5oDXaodyU6xsy59Z47/lgbyzyZiVR6nmJVgZVf el/EgwnLt7ZuYGLLEhIN2pd9itJkB8PMPZrUHMWgIw8BxX5YFYGuyiNe9pGn0Coj 98t/v3fouhqksH+BpB4TBHJBBDSxSiMm66VTJX4Xcnpf0ZnQVP4GBuoyodnFBfdI wqftPLESsCC08lUhD2j7v2NRWwMi/q3ed8D6VCKPImBByYnBZL5gu56K5bwqaQfN itu06APuIYnG71qxgn1EPO63lovWP5NZGgOKvzs3K+JfPF79BiOUFbQjQ2hyaXMg PG1haWxvcEBocmNvbW11bmljYXRpb25zLm5ldD6JATEEEAEIABwFAmf/G0IGCwkH CAMCBBUICgIDFgIBAhsDAh4BAAoJEFSgamjlEnIvBH8H9RGwzZuU6+zvH1WjQa97 yWpEt9rC+BIBJThev2Cpls2LqBqIeIQVZPnyLAZWgFaiezL6+xbvcNt6OnfidIYa x8iRwCMC6/Bs8H2Wef9qfGxXi+jHPLYQk3juiZVmBhIK6FJZkzaW4wSiawofwzbp zqNxO8dZ0j4foaJZrNi8iqsvKjiiHoSFaJtumIThAeydI18CNLeFaS53sk5nad6I wCYeFKmJ/22dMP7DOFEgyG1iNYgY+AGREMkEsBiLpqYjJ5asK+1UdUy/TRly1hOt HHxCiX0Fh9ZYM2vLIj7sq4LKaMPGeYC3qTqBYugVeyz7LkiI2ft/BKveA5JxuYKk ZrQiQ2hyaXMgPG5hbm9nQGhyY29tbXVuaWNhdGlvbnMubmV0PokBMgQQAQgAHAUC Z/8bQgYLCQcIAwIEFQgKAgMWAgECGwMCHgEACgkQVKBqaOUSci+4Bwf8D0Ogk2/X ud/CsAgHozwzKPqfesL5SRWM14hLnU9/EHoplnZgNexbVY1wXIi2FYPo5cve9QxW Nmt3S3UTF9j2fGqv0wmeHv3EqogFUHnftLyWpbeTPOFDMIQp/BOD6ygfeXxXWxRT L6zvUkSrDtHvkQHPWGRxwP+ihWjpw9AQR/R4/qAuTAZZM0O7UnJEo4mWXatl+utF wegG2giwFTTxfF+1rMpFtUDjYCpRQ6ZmE+gC1mHUMoH7GJMQv12DbqwKrxtwGfd0 AJNO3ZDnxl24BmIfl1YqQGZQ5iIH7At4YItESbU45hoNNsG9oDrsil78EUCAtXHd UPScj+eXaeAkgrQfQ2hyaXMgPHBvcnRtYXN0ZXJAYnNkZm9yZ2UuY29tPokBMgQQ AQgAHAUCZ/8bQgYLCQcIAwIEFQgKAgMWAgECGwMCHgEACgkQVKBqaOUSci9o7Af+ Lwu5hJlI5HZNGwAll7QTIFZVW+y4OEg+amhxTDGbAAqlnSIkHC1KgkmIOOrThme3 kTFCqfIIsuP73yKxHq6kRG0zH5/7asAPNAUOfzD7B2o/gMyuTRKyG5r9f3UmACr4 6qvtFhIwROXr6+NNT2IKg3l0/8F58A0N/TR8D2PTHeo4x6jYcZQDCrCy7BAdk3cu V16k4z/1UzRa07b5McezbWL20cIaZ+dqNcCjKZpzPlTyTCGgrNNtaDpNVhoWUKMB YNcKql+tfC1IpX8l+IU6OBKcDKMkQojvO1QrZqY8MDJGo8jq/CtotQ8+IpAai3Bx dQEsxrxlcKTR4rUqvd8VGbkBDQRn/xtCAQgAv5Nv/aQN72xsLik+K73PJwpUmyhu vnI6stM6dSecylXVHjZ7C4n/m0eQEeQCl+9lByHR9N8H+WS3DtAd4pmciiIxRQLA JZiuaLYcy9ziy1h7130VoR7hhJHzo9FIhWkTGlCDX3egUZrYhMiwFUO8lNltLB8o TBvIrMSsnUzawtQjq/otv0Jf+oBPbG+gIYnAm7w6r86n/l+eVxf5eEoS7wV0DJfp b2jE5zWErWk8I/tq4e8T+1VQeVQR6wz+NrUCSxkPkpNAm19AFUHOk//yvMGWVlDW F6gr3ErN2a0w/kZ0lz3Msxsb87QT+MnJf/T3cuEqdTIoSk74BfNEAdMohQARAQAB iQEfBBgBCAAJBQJn/xtCAhsMAAoJEFSgamjlEnIvyvIH/26zytSVNDaxtprg7XtX LerIWf9RyVx8omCw/lXKRCcgkfwD7QR+nSZ0thWOGMpcnivjuReeVRkz/webUF47 BXJ/Tge07nrxdtyTIHBbp35fPIriaKaII6YWc2Ufdxwv+cD8PADS6gQWAlgrWLmn VmYtyHs4kwtiPZyUyuBdWnZal2GyYY0WVwYjvbk95eInwOaIdoTjesJ7ZhUFu155 r4hh9GlvM0uv8WJ5Mw9wvHa5fIM205I5g0IWC7yvTwwwKHlV4JQQOqMwfv569OEl 1GKqA12nSVziB1+UV+I0NqOABWi/MOi+IySPzYP+XgdPfRNx4vmoHYZwWOQ3t4Jd
TEM=
=oj6y
-----END PGP PUBLIC KEY BLOCK-----

--=_704475ec7db937be31238c23429e56dd--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

Greg 'groggy' Lehey <grog@freebsd.org> writes:

I'm really quite concerned about the plans to remove lpd. I
understand that there are security issues with lpd, even if I haven't
heard any reports of exploits in over a third of a century, but the
approach seems wrong to me.

Feel free to review https://reviews.freebsd.org/D55399 yourself, keeping
in mind that it addresses only _some_ of the issues I found in just
_one_ of the 28 source files that make up lpr / lpd. I estimate the
effort needed to overhaul the entire code base and add tests to about
200 hours or two months full-time. I haven't tracked my time so far but
I spent about three days full time on just this patch and a few others
(D55400 adds a socket timeout to mitigate another possible attack, a
bunch of other patches fix build system issues such as parts of lpr /
lpd going into the wrong pkgbase package or not being deleted when the
LPR option is turned off).
I would also like to point out that:
- I have not removed lpr / lpd. I have merely marked them deprecated
and proposed a plan to remove them in or around September 2027, which
is more than a year and half from now, unless they have significantly
improved in the interim.
- I have done more to improve lpd and keep it alive in the last 5 days
than everyone else combined in the last 25 years. But I can't
continue to neglect my paying customers to fix something that almost
nobody uses. Someone will have to step up to either do the work or
hire me to do it.
- Simply moving the code to ports will do nothing to address the
underlying issue, and I will strenuously object to adding software
with known vulnerabilities to the ports tree.
- Some of the issues with lpd cannot be fixed because they are inherent
to its design, which cannot be changed without breaking compatibility,
which is _the only reason_ to keep lpd. The rest of the world has
moved on to IPP.
- There is no spec. RFC 1179 is not a specification for LPDP, but a
description of how lpd works, written after the fact by a third party
who... didn't understand how lpd actually works.
DES
--
Dag-Erling Sm|+rgrav - des@FreeBSD.org
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

On 2026-02-24 06:30 -05:00 EST, "Dag-Erling Sm|+rgrav" <des@FreeBSD.org> wrote:

- I have done more to improve lpd and keep it alive in the last 5 days
than everyone else combined in the last 25 years.

You have. I appreciate that. Thank you.

But I can't
continue to neglect my paying customers to fix something that almost
nobody uses. Someone will have to step up to either do the work or
hire me to do it.

Best,
Alex--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable


--02Fb3mvUe52Xhuhm
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tuesday, 24 February 2026 at 12:30:39 +0100, Dag-Erling Sm=F8rgrav wrote:

Greg 'groggy' Lehey <grog@freebsd.org> writes:

I'm really quite concerned about the plans to remove lpd. I
understand that there are security issues with lpd, even if I haven't
heard any reports of exploits in over a third of a century, but the
approach seems wrong to me.

Feel free to review https://reviews.freebsd.org/D55399 yourself, keeping
in mind that it addresses only _some_ of the issues I found in just
_one_ of the 28 source files that make up lpr / lpd.

No, I believe you. You've only quoted the start of my message, and
even there I say that I accept that there are security issues. That's
why I didn't copy you explicitly on my message.

The real point of the message was further down, which you don't quote,
and which core@ has not addressed at all: we shouldn't remove basic functionality from the base system.

Still, to your points:

I estimate the effort needed to overhaul the entire code base and
add tests to about 200 hours or two months full-time.

Noted. I didn't expect the current code to be salvageable.

I would also like to point out that:

- I have not removed lpr / lpd. I have merely marked them deprecated
and proposed a plan to remove them in or around September 2027, which
is more than a year and half from now, unless they have significantly
improved in the interim.

Right, but the current course doesn't seem to make that likely.

- I have done more to improve lpd and keep it alive in the last 5 days
than everyone else combined in the last 25 years. But I can't
continue to neglect my paying customers to fix something that almost
nobody uses. Someone will have to step up to either do the work or
hire me to do it.

Yes, I understood this too, just not the details.

- Simply moving the code to ports will do nothing to address the
underlying issue, and I will strenuously object to adding software
with known vulnerabilities to the ports tree.

Agreed. Moving to ports is exactly what I don't want to do.

- Some of the issues with lpd cannot be fixed because they are
inherent to its design, which cannot be changed without breaking
compatibility, which is _the only reason_ to keep lpd. The rest
of the world has moved on to IPP.

You've caught me here. I had never heard of IPP. My understanding is
that it, too, is not supported by the base system. What would it take
to change that? It looks as if it could be a good alternative.
Declaring lpd obsolete would be fine then, and people who really want
it could then use a port.

But CUPS is not the answer either, for most of the same reasons. In
addition, a comment from Theo (who confirmed that nobody had spoken to
the OpenBSD community):

well, let them enjoy cups. I have studied that monster a few times.
it is a huge piece of software lacking any attempt at a security
architecture, and a culture around it that will never make changes.
in such circumstances, i always stick to small pieces of software
where we can hopefully delineate the boundaries.

Would you see things differently?

Greg
--
Sent from my desktop computer.
See complete headers for address and phone numbers.
This message is digitally signed. If your Microsoft mail program
reports problems, please read http://lemis.com/broken-MUA.php

--02Fb3mvUe52Xhuhm
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSaG4ICvM64RvkvCawi5vKQUHpCIwUCaZ5rBAAKCRAi5vKQUHpC I0V9AJ9bq++wMbylcmVaVE48wTnIOmERdwCdGtMgL/oEFid+/hWfsGyqYtjRDyA=
=KBiS
-----END PGP SIGNATURE-----

--02Fb3mvUe52Xhuhm--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

--0000000000000b8909064b9e5663
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

IPP is the protocol that CUPS speaks. There may be other implementations,
but Linux having adopted CUPS /en masse/ makes it somewhat unlikely.

On Tue, Feb 24, 2026 at 10:23=E2=80=AFPM Greg 'groggy' Lehey <grog@freebsd.=

wrote:

On Tuesday, 24 February 2026 at 12:30:39 +0100, Dag-Erling Sm=C3=B8rgrav =

wrote:

Greg 'groggy' Lehey <grog@freebsd.org> writes:

I'm really quite concerned about the plans to remove lpd. I
understand that there are security issues with lpd, even if I haven't
heard any reports of exploits in over a third of a century, but the
approach seems wrong to me.

Feel free to review https://reviews.freebsd.org/D55399 yourself, keepin=

g

in mind that it addresses only _some_ of the issues I found in just
_one_ of the 28 source files that make up lpr / lpd.

No, I believe you. You've only quoted the start of my message, and
even there I say that I accept that there are security issues. That's
why I didn't copy you explicitly on my message.

The real point of the message was further down, which you don't quote,
and which core@ has not addressed at all: we shouldn't remove basic functionality from the base system.

Still, to your points:

I estimate the effort needed to overhaul the entire code base and
add tests to about 200 hours or two months full-time.

Noted. I didn't expect the current code to be salvageable.

I would also like to point out that:

- I have not removed lpr / lpd. I have merely marked them deprecated
and proposed a plan to remove them in or around September 2027, which
is more than a year and half from now, unless they have significantly
improved in the interim.

Right, but the current course doesn't seem to make that likely.

- I have done more to improve lpd and keep it alive in the last 5 days
than everyone else combined in the last 25 years. But I can't
continue to neglect my paying customers to fix something that almost
nobody uses. Someone will have to step up to either do the work or
hire me to do it.

Yes, I understood this too, just not the details.

- Simply moving the code to ports will do nothing to address the
underlying issue, and I will strenuously object to adding software
with known vulnerabilities to the ports tree.

Agreed. Moving to ports is exactly what I don't want to do.

- Some of the issues with lpd cannot be fixed because they are
inherent to its design, which cannot be changed without breaking
compatibility, which is _the only reason_ to keep lpd. The rest
of the world has moved on to IPP.

You've caught me here. I had never heard of IPP. My understanding is
that it, too, is not supported by the base system. What would it take
to change that? It looks as if it could be a good alternative.
Declaring lpd obsolete would be fine then, and people who really want
it could then use a port.

But CUPS is not the answer either, for most of the same reasons. In addition, a comment from Theo (who confirmed that nobody had spoken to
the OpenBSD community):

well, let them enjoy cups. I have studied that monster a few times.
it is a huge piece of software lacking any attempt at a security
architecture, and a culture around it that will never make changes.
in such circumstances, i always stick to small pieces of software
where we can hopefully delineate the boundaries.

Would you see things differently?

Greg
--
Sent from my desktop computer.
See complete headers for address and phone numbers.
This message is digitally signed. If your Microsoft mail program
reports problems, please read http://lemis.com/broken-MUA.php

--=20
brandon s allbery kf8nh
allbery.b@gmail.com

--0000000000000b8909064b9e5663
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">IPP is the protocol that CUPS speaks. There may be other i= mplementations, but Linux having adopted CUPS /en masse/ makes it somewhat = unlikely.</div><br><div class=3D"gmail_quote gmail_quote_container"><div di= r=3D"ltr" class=3D"gmail_attr">On Tue, Feb 24, 2026 at 10:23=E2=80=AFPM Gre=
g &#39;groggy&#39; Lehey &lt;<a href=3D"mailto:grog@freebsd.org">grog@freeb= sd.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"m= argin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left= :1ex">On Tuesday, 24 February 2026 at 12:30:39 +0100, Dag-Erling Sm=C3=B8rg= rav wrote:<br>
&gt; Greg &#39;groggy&#39; Lehey &lt;<a href=3D"mailto:grog@freebsd.org" ta= rget=3D"_blank">grog@freebsd.org</a>&gt; writes:<br>
&gt;&gt; I&#39;m really quite concerned about the plans to remove lpd.=C2=
=A0 I<br>
&gt;&gt; understand that there are security issues with lpd, even if I have= n&#39;t<br>
&gt;&gt; heard any reports of exploits in over a third of a century, but th= e<br>
&gt;&gt; approach seems wrong to me.<br>
&gt;<br>
&gt; Feel free to review <a href=3D"https://reviews.freebsd.org/D55399" rel= =3D"noreferrer" target=3D"_blank">https://reviews.freebsd.org/D55399</a> yo= urself, keeping<br>
&gt; in mind that it addresses only _some_ of the issues I found in just<br=

&gt; _one_ of the 28 source files that make up lpr / lpd.<br>

No, I believe you.=C2=A0 You&#39;ve only quoted the start of my message, an= d<br>
even there I say that I accept that there are security issues.=C2=A0 That&#= 39;s<br>
why I didn&#39;t copy you explicitly on my message.<br>

The real point of the message was further down, which you don&#39;t quote,<=

and which core@ has not addressed at all: we shouldn&#39;t remove basic<br> functionality from the base system.<br>

Still, to your points:<br>

&gt; I estimate the effort needed to overhaul the entire code base and<br>
&gt; add tests to about 200 hours or two months full-time.<br>

Noted.=C2=A0 I didn&#39;t expect the current code to be salvageable.<br>

&gt; I would also like to point out that:<br>
&gt;<br>
&gt; - I have not removed lpr / lpd.=C2=A0 I have merely marked them deprec= ated<br>
&gt;=C2=A0 =C2=A0and proposed a plan to remove them in or around September = 2027, which<br>
&gt;=C2=A0 =C2=A0is more than a year and half from now, unless they have si= gnificantly<br>
&gt;=C2=A0 =C2=A0improved in the interim.<br>

Right, but the current course doesn&#39;t seem to make that likely.<br>

&gt; - I have done more to improve lpd and keep it alive in the last 5 days=

&gt;=C2=A0 =C2=A0than everyone else combined in the last 25 years.=C2=A0 Bu=
t I can&#39;t<br>
&gt;=C2=A0 =C2=A0continue to neglect my paying customers to fix something t= hat almost<br>
&gt;=C2=A0 =C2=A0nobody uses.=C2=A0 Someone will have to step up to either =
do the work or<br>
&gt;=C2=A0 =C2=A0hire me to do it.<br>

Yes, I understood this too, just not the details.<br>

&gt; - Simply moving the code to ports will do nothing to address the<br> &gt;=C2=A0 =C2=A0underlying issue, and I will strenuously object to adding = software<br>
&gt;=C2=A0 =C2=A0with known vulnerabilities to the ports tree.<br>

Agreed.=C2=A0 Moving to ports is exactly what I don&#39;t want to do.<br>

&gt; - Some of the issues with lpd cannot be fixed because they are<br> &gt;=C2=A0 =C2=A0inherent to its design, which cannot be changed without br= eaking<br>
&gt;=C2=A0 =C2=A0compatibility, which is _the only reason_ to keep lpd.=C2=
=A0 The rest<br>
&gt;=C2=A0 =C2=A0of the world has moved on to IPP.<br>

You&#39;ve caught me here.=C2=A0 I had never heard of IPP.=C2=A0 My underst= anding is<br>
that it, too, is not supported by the base system.=C2=A0 What would it take=

to change that?=C2=A0 It looks as if it could be a good alternative.<br> Declaring lpd obsolete would be fine then, and people who really want<br>
it could then use a port.<br>

But CUPS is not the answer either, for most of the same reasons.=C2=A0 In<b=

addition, a comment from Theo (who confirmed that nobody had spoken to<br>
the OpenBSD community):<br>

=C2=A0 well, let them enjoy cups.=C2=A0 I have studied that monster a few t= imes.<br>
=C2=A0 it is a huge piece of software lacking any attempt at a security<br> =C2=A0 architecture, and a culture around it that will never make changes.<=

=C2=A0 in such circumstances, i always stick to small pieces of software<br=

=C2=A0 where we can hopefully delineate the boundaries.<br>

Would you see things differently?<br>

Greg<br>
--<br>
Sent from my desktop computer.<br>
See complete headers for address and phone numbers.<br>
This message is digitally signed.=C2=A0 If your Microsoft mail program<br> reports problems, please read <a href=3D"http://lemis.com/broken-MUA.php" r= el=3D"noreferrer" target=3D"_blank">http://lemis.com/broken-MUA.php</a><br> </blockquote></div><div><br clear=3D"all"></div><div><br></div><span class= =3D"gmail_signature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_s= ignature"><div dir=3D"ltr"><div><div dir=3D"ltr"><div>brandon s allbery kf8= nh</div><div><a href=3D"mailto:allbery.b@gmail.com" target=3D"_blank">allbe= ry.b@gmail.com</a></div></div></div></div></div>

--0000000000000b8909064b9e5663--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

On Feb 24, 2026, at 7:22rC>PM, Greg 'groggy' Lehey <grog@freebsd.org> wrote:

You've caught me here. I had never heard of IPP. My understanding is
that it, too, is not supported by the base system. What would it take
to change that? It looks as if it could be a good alternative.

CUPS!

Declaring lpd obsolete would be fine then, and people who really want
it could then use a port.

But CUPS is not the answer either, for most of the same reasons. In addition, a comment from Theo (who confirmed that nobody had spoken to
the OpenBSD community):

well, let them enjoy cups. I have studied that monster a few times.
it is a huge piece of software lacking any attempt at a security
architecture, and a culture around it that will never make changes.
in such circumstances, i always stick to small pieces of software
where we can hopefully delineate the boundaries.

Note that CUPS is maintained unlike BSD's lpd & it also used on MacOS.
It is licensed under Apache-2.0 and some exceptions. It comes with a
collection of programs including lpr, lpd etc.
It doesn't make sense to try to do a from-scratch lpd that supports IPP,
or spend any resources on such an effort as this is a complex subsystem.
Or updating lpd & friends to talk to modern printers.
Normally I am a fan of maintaining old programs but it doesn't seem
worth it here.--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

Greg 'groggy' Lehey <grog@freebsd.org> writes:

The real point of the message was further down, which you don't quote,
and which core@ has not addressed at all: we shouldn't remove basic functionality from the base system.

Why not? We do that all the time. I don't think a single year has gone
by in the project's history where we haven't removed something that had
become too costly to maintain to justify keeping it. You of all people
should remember that we retired Vinum just over a year ago, to pick just
one example.
And again, in all caps this time: I HAVE NOT REMOVED LPD. So how about
you go lobby the Foundation to hire me to fix it, instead of asking Core
to censor me for something I haven't done?
DES
--
Dag-Erling Sm|+rgrav - des@FreeBSD.org
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

Brandon Allbery <allbery.b@gmail.com> writes:

IPP is the protocol that CUPS speaks. There may be other
implementations, but Linux having adopted CUPS /en masse/ makes it
somewhat unlikely.

IPP is the protocol that all modern network printer speaks. It predates
CUPS by several years. Some printers also support LPDP for historical
reasons, but as previously mentioned, there is no proper spec for LPDP,
and it's a shitty protocol anyway.
To summarize, lpr / lpd were originally written to run on a single host
and communicate solely through the filesystem; later on, someone tacked
on network support in the form of what is effectively a file transfer
protocol that lets lpd on one host write to another host's spool. And I
do mean a file transfer protocol; there are practically no constraints
on what the client may send. Until 1997, if you could connect to lpd,
you could write anywhere on the filesystem that lpd could access. Still
today, you can fill the spool with garbage that lpd will never process
or delete, and under some circumstances remotely delete files you didn't create, possibly including lpd's own lock file. All of this with no authentication whatsoever beyond a simple source address:port check.
DES
--
Dag-Erling Sm|+rgrav - des@FreeBSD.org
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

John Baldwin <jhb@FreeBSD.org> writes:

If the standard for being in ports was "no known vulnerabilities" I
think we wouldn't have much of a ports collection.

That is in fact the standard. Ports with known vulnerabilities get
marked FORBIDDEN and are removed unless fixed within a few months.
DES
--
Dag-Erling Sm|+rgrav - des@FreeBSD.org
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

On 25/02/2026 19:21, Marek Zarychta wrote:

[...]

In the case of lpd(1) and the traditional printing toolchain, no one has such illusions. For a quarter of a century now, all new deployments have been based on the CUPS printing system, which is permissively licensed
and readily available in the ports.

no one, all and everybody, these assumptions can be very fragile in discussions of this type (history has proven this many times) :)

Best regards
Miroslav Lachman



--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable


--=_MailMate_358B98BF-DEB0-4491-BC32-77577750A325_=
Content-Type: text/plain; format=flowed; markup=markdown

On 23 Feb 2026, at 21:43, Greg 'groggy' Lehey wrote:

I'm really quite concerned about the plans to remove lpd. I
understand that there are security issues with lpd, even if I haven't
heard any reports of exploits in over a third of a century, but the
approach seems wrong to me. If we follow this direction, we can pare
down FreeBSD to a bare minimum (the kernel and what else?).

So what should be done? I'm explicitly copying core@ on this, though
I assume that you have all been following things. But this is a basic
issue for the project, so core@ (and not srcmgr@) should have a
position on this.

I understand that des no longer feels interested in maintaining lpd or
fixing its apparently numerous bugs. But there are alternatives:

1. Find somebody who *is* interested. I haven't seen anything on the
mailing lists asking for this. Why not?

2. Take the corresponding code from another BSD, like we have done in
the past. des tells us, without details, that the OpenBSD code
has the same bugs. I've asked numerous times, but nobody has told
me whether they have spoken with the OpenBSD project about it.
And what about NetBSD or DragonflyBSD?

3. Make it a shared project amongst BSDs, like make(1).

Hmm. I seem to be out of some loop here.

First let me apologize for not following much of anything in FreeBSD in
the past 2-3 weeks. We (RPI) had a major screwup with our VM cluster a
few weeks ago, which triggered an abrupt reboot of many of our virtual machines, required a reboot of all our virtual machines to alleviate
some dangers, and is now requiring a second reboot of all our virtual
machines because the first fix was incomplete so we now need to fix the
fix.

I'm still in the middle of the second round of reboots, but I'll try
catch up on the mailing lists and comment further later today. It might
not be today because I'm still caught up in the cycle of reboots at
work. This week is spring break for us so usually I'd have a lot of
spare time, but this spring break has busy.

Also, I went to do a minor macOS upgrade on my main PGP-capable mac last
week, and instead that mac was upgraded two major versions of macOS.
When I went to post this, I find that PGP isn't working for me anymore.
I don't use PGP much, but I know it was working fine back in the end of January. But you can trust it's me. Who else would willingly *want* to
admit that they have something to do with `lpd`?
--
Garance Alistair Drosehn = gadcode@earthlink.net
Lead Developer @rpi and gad@FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA

--=_MailMate_358B98BF-DEB0-4491-BC32-77577750A325_=
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/xhtml; charset=3Dutf-8"=

</head>
<body><div style=3D"font-family: sans-serif;"><div class=3D"markdown" sty= le=3D"white-space: normal;">
<p dir=3D"auto">On 23 Feb 2026, at 21:43, Greg 'groggy' Lehey wrote:</p> <blockquote style=3D"margin: 0 0 5px; padding-left: 5px; border-left: 2px=
solid #777777; color: #777777;">
<p dir=3D"auto">I'm really quite concerned about the plans to remove lpd.=
I<br>
understand that there are security issues with lpd, even if I haven't<br>=

heard any reports of exploits in over a third of a century, but the<br> approach seems wrong to me. If we follow this direction, we can pare<br>=

down FreeBSD to a bare minimum (the kernel and what else?).</p>
<p dir=3D"auto">So what should be done? I'm explicitly copying core@ on = this, though<br>
I assume that you have all been following things. But this is a basic<br=

issue for the project, so core@ (and not srcmgr@) should have a<br>
position on this.</p>
<p dir=3D"auto">I understand that des no longer feels interested in maint= aining lpd or<br>
fixing its apparently numerous bugs. But there are alternatives:</p>


<p dir=3D"auto">Find somebody who <em>is</em> interested. I haven't seen=
anything on the<br>
mailing lists asking for this. Why not?</p>
</li>

<p dir=3D"auto">Take the corresponding code from another BSD, like we hav=
e done in<br>
the past. des tells us, without details, that the OpenBSD code<br>
has the same bugs. I've asked numerous times, but nobody has told<br>
me whether they have spoken with the OpenBSD project about it.<br>
And what about NetBSD or DragonflyBSD?</p>
</li>

<p dir=3D"auto">Make it a shared project amongst BSDs, like make(1).</p>
</li>
</ol>
</blockquote>
<p dir=3D"auto">Hmm. I seem to be out of some loop here.</p>
<p dir=3D"auto">First let me apologize for not following much of anything=
in FreeBSD in the past 2-3 weeks. We (RPI) had a major screwup with our=
VM cluster a few weeks ago, which triggered an abrupt reboot of many of =
our virtual machines, required a reboot of all our virtual machines to al= leviate some dangers, and is now requiring a second reboot of all our vir=
tual machines because the first fix was incomplete so we now need to fix =
the fix.</p>
<p dir=3D"auto">I'm still in the middle of the second round of reboots, b=
ut I'll try catch up on the mailing lists and comment further later today=
=2E It might not be today because I'm still caught up in the cycle of re= boots at work. This week is spring break for us so usually I'd have a lo=
t of spare time, but this spring break has busy.</p>
<p dir=3D"auto">Also, I went to do a minor macOS upgrade on my main PGP-c= apable mac last week, and instead that mac was upgraded two major version=
s of macOS. When I went to post this, I find that PGP isn't working for =
me anymore. I don't use PGP much, but I know it was working fine back in=
the end of January. But you can trust it's me. Who else would willingl=
y <em>want</em> to admit that they have something to do with <code style=3D= "margin: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F= 7F7F7;">lpd</code>?</p>
</div><div id=3D"1E5069B8-B094-48FD-8A96-D66CC42C52FB"><!DOCTYPE html><di=
v dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-serif; fon= t-style: normal; font-variant-caps: normal; font-weight: normal; letter-s= pacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-= transform: none; white-space: pre-wrap; widows: auto; word-spacing: 0px; = -webkit-text-stroke-width: 0px;">-- =

</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s= erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Garance Alistair Drosehn =
=3D gadcode@earthlink.net
</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s= erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Lead Developer @rpi =
and gad@FreeBSD.org
</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s= erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Rensselaer Polytechnic Institut=
e; Troy, NY; USA</div></div>
<div class=3D"markdown" style=3D"white-space: normal;">

</div>
</div>
</body>

</html>

--=_MailMate_358B98BF-DEB0-4491-BC32-77577750A325_=--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

This is an OpenPGP/MIME signed message (RFC 3156 and 4880).

--=_MailMate_1B1F9872-A58A-4C86-B9A6-F251725CE4C5_=
Content-Type: multipart/alternative;
boundary="=_MailMate_181DE090-98A2-49A9-9049-D6515C038941_="


--=_MailMate_181DE090-98A2-49A9-9049-D6515C038941_=
Content-Type: text/plain; charset=UTF-8; markup=markdown Content-Transfer-Encoding: quoted-printable

On 4 Mar 2026, at 13:20, Garance A Drosehn wrote:

On 23 Feb 2026, at 21:43, Greg 'groggy' Lehey wrote:

I'm really quite concerned about the plans to remove lpd. I
understand that there are security issues with lpd, even if I haven't
heard any reports of exploits in over a third of a century, but the
approach seems wrong to me. If we follow this direction, we can pare
down FreeBSD to a bare minimum (the kernel and what else?).

So what should be done? I'm explicitly copying core@ on this, though
I assume that you have all been following things. But this is a basic=

issue for the project, so core@ (and not srcmgr@) should have a
position on this.

I understand that des no longer feels interested in maintaining lpd or=

fixing its apparently numerous bugs. But there are alternatives:

1. Find somebody who *is* interested. I haven't seen anything on the=

mailing lists asking for this. Why not?

2. Take the corresponding code from another BSD, like we have done in=

the past. des tells us, without details, that the OpenBSD code
has the same bugs. I've asked numerous times, but nobody has told=

me whether they have spoken with the OpenBSD project about it.
And what about NetBSD or DragonflyBSD?

3. Make it a shared project amongst BSDs, like make(1).

Hmm. I seem to be out of some loop here.

First let me apologize for not following much of anything in FreeBSD in=

the past 2-3 weeks. We (RPI) had a major screwup with our VM cluster a =
few weeks ago, which triggered an abrupt reboot of many of our virtual ma= chines, required a reboot of

all our virtual machines to alleviate some [urgent] dangers, and is now=

requiring

a second reboot of all our virtual machines because the first fix was i=

ncomplete

so we now need to fix the fix.

Well, we (at RPI) have made it through the second set of reboots successf= ully, so now I can at least catch up on some of what's been happening. W=
ell really all that I've read is some of this thread, because I also need=
to catch up on my sleep.

People with good memories might remember that when I got my commit bit ma=
ny years ago, it was for fixing things in `lpr`/`lpd`. I then branched o=
ut into a few other parts of the base system, but in the past ten years I=
haven't done much of anything on those other parts. But I did still lik=
e the idea of working on `lpr`/`lpd`. I disconnected from the other part=
s of the system, but still kept my eye on `lpr`/`lpd`.

Back in January Warner sent me an email saying *"It's been several years = since you've committed to lpr/lpd. Is that still something you're=C2=A0in= terested flagging=C2=A0for review in MAINTAINERS?".* I appreciate him re= aching out like that, even if he was only trying to see if I was still al=
ive. :) I replied *"Yes, at least for now. Thanks."* I expected to get=
some `lpd`-related emails after that, but have not seen any. I realize =
that it could be that some were sent and I missed them.

While I don't track developer emails anywhere near as much as I should, I=
do still scan email subjects for `lpd`. Following Warner's email, the f=
irst email I've seen with that in the subject was the one which started t=
his thread. Well, technically it was the one from Phabricator for *"D295=
66: lpd: Add -F flag to prevent daemonizing"*, which puzzled me because I=
thought that change was already committed. But I read that email about =
2 minutes before I read the first message in this thread.

(aside: I am also on some OpeBSD mailing lists, mainly just so I could fo=
llow `lpd`/`lpr` posts in the land of OpenBSD. While there have been a f=
ew changes there, none of them seemed particularly urgent.)

I'll admit that right now I'm of two minds on this. Part of me wants to = point to all the commits that I have made to `lpr`/`lpd` and say *"What t=
he hell guys? If there's a problem then why didn't anyone contact me?"*.=
However, part of me looks at the fact that I'm old and tired, and that =
I haven't read much of **any** FreeBSD-related email in a few weeks, and =
I wonder if maybe it's time for me to hang up the old commit bit.

I see that DES has committed several changes very recently, but I haven't=
looked through them yet. Somewhere in this thread DES claims he's done =
more for `lpd` than anyone else in the last 25 years. I'm sure that's tr=
ue if we measured the last 15 years, but I really doubt it's true for the=
last 25 years. And in the last 15 years I haven't seen much of any inte=
rest in `lpr`/`lpd` from anyone on any FreeBSD mailing list.

Feeding into my ambivalence is that my full-time job has been painfully b=
usy for a few years, as RPI keeps trying to get by with less than half of=
the IT staff that it really needs. So right now I'm torn between quitti=
ng FreeBSD versus quitting my job at RPI (well, "retiring" more than "qui= tting". Yes, I'm that old...).

Also, I went to do a minor macOS upgrade on my main PGP-capable mac las=

t week, and instead that mac was upgraded two major versions of macOS. W=
hen I went to post this, I find that PGP isn't working for me anymore. I=
don't use PGP much, but I know it was working fine back in the end of Ja= nuary. But you can trust it's me. Who else would willingly *want* to ad=
mit that they have something to do with `lpd`?

I think I've fixed the issues with PGP email. If you see this paragraph,=
than I have!


-- =

Garance Alistair Drosehn =3D gadcode@earthlink.net
Lead Developer @rpi and gad@FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA

--=_MailMate_181DE090-98A2-49A9-9049-D6515C038941_=
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/xhtml; charset=3Dutf-8"=

</head>
<body><div style=3D"font-family: sans-serif;"><div class=3D"markdown" sty= le=3D"white-space: normal;">
<p dir=3D"auto">On 4 Mar 2026, at 13:20, Garance A Drosehn wrote:</p> <blockquote style=3D"margin: 0 0 5px; padding-left: 5px; border-left: 2px=
solid #777777; color: #777777;">
<p dir=3D"auto">On 23 Feb 2026, at 21:43, Greg 'groggy' Lehey wrote:</p> <blockquote style=3D"margin: 0 0 5px; padding-left: 5px; border-left: 2px=
solid #777777; border-left-color: #999999; color: #999999;">
<p dir=3D"auto">I'm really quite concerned about the plans to remove lpd.=
I<br>
understand that there are security issues with lpd, even if I haven't<br>=

heard any reports of exploits in over a third of a century, but the<br> approach seems wrong to me. If we follow this direction, we can pare<br>=

down FreeBSD to a bare minimum (the kernel and what else?).</p>
<p dir=3D"auto">So what should be done? I'm explicitly copying core@ on = this, though<br>
I assume that you have all been following things. But this is a basic<br=

issue for the project, so core@ (and not srcmgr@) should have a<br>
position on this.</p>
<p dir=3D"auto">I understand that des no longer feels interested in maint= aining lpd or<br>
fixing its apparently numerous bugs. But there are alternatives:</p>


<p dir=3D"auto">Find somebody who <em>is</em> interested. I haven't seen=
anything on the<br>
mailing lists asking for this. Why not?</p>
</li>

<p dir=3D"auto">Take the corresponding code from another BSD, like we hav=
e done in<br>
the past. des tells us, without details, that the OpenBSD code<br>
has the same bugs. I've asked numerous times, but nobody has told<br>
me whether they have spoken with the OpenBSD project about it.<br>
And what about NetBSD or DragonflyBSD?</p>
</li>

<p dir=3D"auto">Make it a shared project amongst BSDs, like make(1).</p>
</li>
</ol>
</blockquote>
<p dir=3D"auto">Hmm. I seem to be out of some loop here.</p>
<p dir=3D"auto">First let me apologize for not following much of anything=
in FreeBSD in the past 2-3 weeks. We (RPI) had a major screwup with our=
VM cluster a few weeks ago, which triggered an abrupt reboot of many of =
our virtual machines, required a reboot of<br>
all our virtual machines to alleviate some [urgent] dangers, and is now r= equiring<br>
a second reboot of all our virtual machines because the first fix was inc= omplete<br>
so we now need to fix the fix.</p>
</blockquote>
<p dir=3D"auto">Well, we (at RPI) have made it through the second set of = reboots successfully, so now I can at least catch up on some of what's be=
en happening. Well really all that I've read is some of this thread, bec=
ause I also need to catch up on my sleep.</p>
<p dir=3D"auto">People with good memories might remember that when I got =
my commit bit many years ago, it was for fixing things in <code style=3D"= margin: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F7= F7F7;">lpr</code>/<code style=3D"margin: 0 0; padding: 0 0.25em; border-r= adius: 3px; background-color: #F7F7F7;">lpd</code>. I then branched out =
into a few other parts of the base system, but in the past ten years I ha= ven't done much of anything on those other parts. But I did still like t=
he idea of working on <code style=3D"margin: 0 0; padding: 0 0.25em; bord= er-radius: 3px; background-color: #F7F7F7;">lpr</code>/<code style=3D"mar=
gin: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F7F7F= 7;">lpd</code>. I disconnected from the other parts of the system, but s=
till kept my eye on <code style=3D"margin: 0 0; padding: 0 0.25em; border= -radius: 3px; background-color: #F7F7F7;">lpr</code>/<code style=3D"margi=
n: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F7F7F7;= ">lpd</code>.</p>
<p dir=3D"auto">Back in January Warner sent me an email saying <em>&quot;=
It's been several years since you've committed to lpr/lpd. Is that still = something you're=C2=A0interested flagging=C2=A0for review in MAINTAINERS?= &quot;.</em> I appreciate him reaching out like that, even if he was onl=
y trying to see if I was still alive. :) I replied <em>&quot;Yes, at le=
ast for now. Thanks.&quot;</em> I expected to get some <code style=3D"ma= rgin: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F7F7= F7;">lpd</code>-related emails after that, but have not seen any. I real=
ize that it could be that some were sent and I missed them.</p>
<p dir=3D"auto">While I don't track developer emails anywhere near as muc=
h as I should, I do still scan email subjects for <code style=3D"margin: =
0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F7F7F7;">l= pd</code>. Following Warner's email, the first email I've seen with that=
in the subject was the one which started this thread. Well, technically=
it was the one from Phabricator for <em>&quot;D29566: lpd: Add -F flag t=
o prevent daemonizing&quot;</em>, which puzzled me because I thought that=
change was already committed. But I read that email about 2 minutes bef=
ore I read the first message in this thread.</p>
<p dir=3D"auto">(aside: I am also on some OpeBSD mailing lists, mainly ju=
st so I could follow <code style=3D"margin: 0 0; padding: 0 0.25em; borde= r-radius: 3px; background-color: #F7F7F7;">lpd</code>/<code style=3D"marg=
in: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F7F7F7= ;">lpr</code> posts in the land of OpenBSD. While there have been a few = changes there, none of them seemed particularly urgent.)</p>
<p dir=3D"auto">I'll admit that right now I'm of two minds on this. Part=
of me wants to point to all the commits that I have made to <code style=3D= "margin: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F= 7F7F7;">lpr</code>/<code style=3D"margin: 0 0; padding: 0 0.25em; border-= radius: 3px; background-color: #F7F7F7;">lpd</code> and say <em>&quot;Wha=
t the hell guys? If there's a problem then why didn't anyone contact me?= &quot;</em>. However, part of me looks at the fact that I'm old and tire=
d, and that I haven't read much of <strong>any</strong> FreeBSD-related e=
mail in a few weeks, and I wonder if maybe it's time for me to hang up th=
e old commit bit.</p>
<p dir=3D"auto">I see that DES has committed several changes very recentl=
y, but I haven't looked through them yet. Somewhere in this thread DES c= laims he's done more for <code style=3D"margin: 0 0; padding: 0 0.25em; b= order-radius: 3px; background-color: #F7F7F7;">lpd</code> than anyone els=
e in the last 25 years. I'm sure that's true if we measured the last 15 = years, but I really doubt it's true for the last 25 years. And in the la=
st 15 years I haven't seen much of any interest in <code style=3D"margin:=
0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F7F7F7;">= lpr</code>/<code style=3D"margin: 0 0; padding: 0 0.25em; border-radius: =
3px; background-color: #F7F7F7;">lpd</code> from anyone on any FreeBSD ma= iling list.</p>
<p dir=3D"auto">Feeding into my ambivalence is that my full-time job has =
been painfully busy for a few years, as RPI keeps trying to get by with l=
ess than half of the IT staff that it really needs. So right now I'm tor=
n between quitting FreeBSD versus quitting my job at RPI (well, &quot;ret= iring&quot; more than &quot;quitting&quot;. Yes, I'm that old...).</p> <blockquote style=3D"margin: 0 0 5px; padding-left: 5px; border-left: 2px=
solid #777777; color: #777777;">
<p dir=3D"auto">Also, I went to do a minor macOS upgrade on my main PGP-c= apable mac last week, and instead that mac was upgraded two major version=
s of macOS. When I went to post this, I find that PGP isn't working for =
me anymore. I don't use PGP much, but I know it was working fine back in=
the end of January. But you can trust it's me. Who else would willingl=
y <em>want</em> to admit that they have something to do with <code style=3D= "margin: 0 0; padding: 0 0.25em; border-radius: 3px; background-color: #F= 7F7F7;">lpd</code>?</p>
</blockquote>
<p dir=3D"auto">I think I've fixed the issues with PGP email. If you see=
this paragraph, than I have!</p>
</div><div id=3D"1E5069B8-B094-48FD-8A96-D66CC42C52FB"><!DOCTYPE html><di=
v dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-serif; fon= t-style: normal; font-variant-caps: normal; font-weight: normal; letter-s= pacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-= transform: none; white-space: pre-wrap; widows: auto; word-spacing: 0px; = -webkit-text-stroke-width: 0px;">-- =

</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s= erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Garance Alistair Drosehn =
=3D gadcode@earthlink.net
</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s= erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Lead Developer @rpi =
and gad@FreeBSD.org
</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s= erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Rensselaer Polytechnic Institut=
e; Troy, NY; USA</div></div>
<div class=3D"markdown" style=3D"white-space: normal;">

</div>
</div>
</body>

</html>

--=_MailMate_181DE090-98A2-49A9-9049-D6515C038941_=--

--=_MailMate_1B1F9872-A58A-4C86-B9A6-F251725CE4C5_=
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=signature.asc
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQKkBAEBCgCOFiEEv4ee5i2+l7cwOR75y7uxrsysBS8FAmmt2xBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJG ODc5RUU2MkRCRTk3QjczMDM5MUVGOUNCQkJCMUFFQ0NBQzA1MkYQHGdhZEBmcmVl YnNkLm9yZwAKCRDLu7GuzKwFL8uaEACWrp25dH1ojORI7QWC93oYAg3iwIwwuJYC EGMdAkIAiquzeteYWQ+xXOLREKK0xzedr1Nfoz2V5CV5RnqqKSgUU2xvXLhBmIfT khl6DJvy6qwR4LL4Ua1FrycywSCtuqeSrCI+2s5Dk11uGqxqroHONq60OtowsJhq elhlGQbBaaENAFox/x1EzBcE+DFXmFBlB0mG1JwiQvnBFKPj0vmLW1VviJ7hXDG8 qacNjXFlCh74BODJ4y73A72aKwH9MahGVAFlzyRz7s4bGzkezh4dYgKsVKsz6wP9 KXSEHyWopBx/2lnImrPqo42dkg/l8cWwyWAhvgPB6BCfIuGSVZXCJroGpdmnFYO5 1WGL8jlSJIYphvkN/9gCD21haNu3cbXSMRcM/wmsZ5oa5M/sOuqixuOZY740ZvNK B8bBsRHtd5CSsP8jIX4G5/a+a6Tu2jqZNcN2DZEH90RzadGrANPynbzk3Os1gxuM dZYy8tMTpgmzWBcp4PcyKW47bT+om/05poArck6mvMIqsPQS9du1haxJf2FGP24l YylhE2/TctQ+fgqImuu/9Ev0qv3bRhvWpTuQfC2mBKR4N6Gshh4GKW6yZeOXk5JP EGPMXXFT8aTzQx338p0YaInSOB8Srenv1bgYSh0AmY9iNiCdmJZXl1MWy/0UkVul
/e11y/d+AQ==
=WXpo
-----END PGP SIGNATURE-----

--=_MailMate_1B1F9872-A58A-4C86-B9A6-F251725CE4C5_=--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.stable

--0000000000008bfbc1064c9fca8d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sun, Mar 8, 2026 at 2:25=E2=80=AFPM Garance A Drosehn <gad@freebsd.org> = wrote:

Back in January Warner sent me an email saying *"It's been several years since you've committed to lpr/lpd. Is that still something
you're interested flagging for review in MAINTAINERS?".* I appreciate him reaching out like that, even if he was only trying to see if I was still alive. :) I replied *"Yes, at least for now. Thanks."* I expected to get
some lpd-related emails after that, but have not seen any. I realize that
it could be that some were sent and I missed them.

Yea. I was just tidying up the MAINTAINDERS / CODEOWNERS files. Nothing
beyond that. It's completely unrelated to des' efforts.

Warner



--0000000000008bfbc1064c9fca8d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote g= mail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On Sun, Mar 8, = 2026 at 2:25=E2=80=AFPM Garance A Drosehn &lt;<a href=3D"mailto:gad@freebsd= .org">gad@freebsd.org</a>&gt; wrote:</div><blockquote class=3D"gmail_quote"=
style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);p= adding-left:1ex"><div><div style=3D"font-family:sans-serif"><div style=3D"w= hite-space:normal">
<p dir=3D"auto">Back in January Warner sent me an email saying <em>&quot;It= &#39;s been several years since you&#39;ve committed to lpr/lpd. Is that st= ill something you&#39;re=C2=A0interested flagging=C2=A0for review in MAINTA= INERS?&quot;.</em> I appreciate him reaching out like that, even if he was=
only trying to see if I was still alive. :) I replied <em>&quot;Yes, at = least for now. Thanks.&quot;</em> I expected to get some <code style=3D"ma= rgin:0px;padding:0px 0.25em;border-radius:3px;background-color:rgb(247,247,= 247)">lpd</code>-related emails after that, but have not seen any. I reali=
ze that it could be that some were sent and I missed them.</p></div></div><= /div></blockquote><div>Yea. I was just tidying up the MAINTAINDERS / CODEOW= NERS files. Nothing beyond that. It&#39;s completely unrelated to des&#39; = efforts.</div><div><br></div><div>Warner</div><blockquote class=3D"gmail_qu= ote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,20= 4);padding-left:1ex"><div><div style=3D"font-family:sans-serif">
<div style=3D"white-space:normal">

</div>
</div>
</div>


</blockquote></div></div>

--0000000000008bfbc1064c9fca8d--


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21d-Linux NewsLink 1.2