
The Linux Foundation picks up FRRouting

Posted Apr 5, 2017 1:38 UTC (Wed) by mdolan (subscriber, #104340)
In reply to: The Linux Foundation picks up FRRouting by jhoblitt
Parent article: The Linux Foundation picks up FRRouting

There are a few thousand patches, including high severity security patches, that were not being accepted or even looked at by the sole maintainer of Quagga. Companies were maintaining all the patches on their own, each duplicating effort. This is where GPLv2+ licensing just isn't enough - everyone had everyone else's code but the governance of the project needed to open up to scale with additional maintainers.



The Linux Foundation picks up FRRouting

Posted Apr 5, 2017 5:37 UTC (Wed) by pabs (subscriber, #43278) [Link]

Are there CVEs for those security issues?

The Linux Foundation picks up FRRouting

Posted Apr 5, 2017 6:17 UTC (Wed) by paulj (subscriber, #341) [Link] (1 responses)

Which high severity security patches? And under which maintainer?

It's worth noting that patch integration shrivelled up, and a huge backlog built up, under NetDEF's stewardship[1].

There has been a huge amount of corporate gamesmanship and politicking in this fork, do note.

1. Or whatever company it is the people associated with it work for. They are extremely opaque about their business, and the person they claimed in early '14 they had working on Quagga never worked for NetDEF it seems. I'm the only person who ever worked on Quagga for NetDEF, for about 6 months on a part-time basis, going by their public Form 990s.

The Linux Foundation picks up FRRouting

Posted Apr 5, 2017 6:55 UTC (Wed) by paulj (subscriber, #341) [Link]

Worked on maintaining Quagga, that is.

The Linux Foundation picks up FRRouting

Posted Apr 5, 2017 7:03 UTC (Wed) by paulj (subscriber, #341) [Link]

Oh, and the existence of a few thousand patches is meaningless. Half of the patches could be obviously good. Of the other half, half again might be going in the right direction, but doing things in the wrong way, fixing things in the wrong place (band-aiding over problems, etc.). The remainder may have serious architectural issues, or just be plain inappropriate or even wrong.

To figure that stuff out requires actually engaging in review. Which is something, e.g., Cumulus _refused_, repeatedly, to do.

So yeah, few thousand patches. Means nothing. Till you sort the good stuff from the hundreds-of-monkeys-with-typewriters stuff.

And I'm not the only Quagga hacker who thinks Cumulus' high degree of self-belief isn't always justified.

The Linux Foundation picks up FRRouting

Posted Apr 5, 2017 17:21 UTC (Wed) by paulj (subscriber, #341) [Link]

Oh, by "the sole maintainer", you must mean the period where NetDEF claimed to be funding the sole active maintainer (except, go look at NetDEF's Form 990s - they were not; the maintainer they claimed they were funding was working on other, commercial contracting work).

In that period, NetDEF allowed a huge backlog of patches to build up. They later tried to get patches for experimental rev-0 draft stuff into Quagga, insufficiently modularised, that would have caused a huge amount of rejiggling of other people's patches - which they had allowed to pile up.

Quagga will recover from what these people have done.

