Richard Bejtlich wrote:
>Hello all,
>
>I have become a fan of Colin Percival's freebsd-update, which allows
>binary updates of the GENERIC kernel and unmodified userland.
>
>Binary kernel updates are not possible if I modify my kernel to
>include support for IPSec or NAT, e.g.
>
>device crypto
>options FAST_IPSEC
>options IPFIREWALL
>options IPDIVERT
>
>After speaking with Colin, he mentioned that IPSec, NAT, and disk
>quotas (enabled via options QUOTA) are the three most popular kernel
>changes that prevent people from running GENERIC and hence using
>freebsd-update for binary kernel updates.
>
>Can anyone shed light on why those three features are not available in
GENERIC?
>
>Thank you,
>
>Richard
>http://www.taosecurity.com
>_______________________________________________
>freebsd-stable@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>To unsubscribe, send any mail to
"freebsd-stable-unsubscribe@freebsd.org"
>
>
>
>
>
My guess is that just because those are the three most popular kernel
changes that prevent people from running GENERIC doesn't mean that the
majority of users implement these changes.
-Tom