I'm going to comment on a few of these just because:
This is my list:
- Drop the politics and merge low level security enhancements like Address Space Layout Randomization (ASLR), mprotect hardening, Position Independent Executable (PIE) support, and PTrace hardening, from HardenBSD back to FreeBSD
- Replace already OpenSSL with LibreSSL and forget about long term support. FreeBSD is not Red Had and should not follow the same ridiculous policies.
- Drop the PAM and take the clue from commercial UNIX-es if you don't like the simplicity of LDAP authorization from OpenBSD
- Do something about Kerberos in the base. Either adopt it as a project like OpenBSD did with LibreSSL or remove it since its code is a mess.
- Focus more on deleting and auditing the code rather than importing new features.
- Start shipping with much saner defaults.
- I am not sure how useful is NFSv4. It is definitely too much ado about nothing. I would have prefer that FreeBSD has focused on NFSv3 just like DragonFly people.
- Fix Unbound in the base. Come on. Emulating Linux defaults is typically a very bad idea.
- Replace Sendmail with DMA (DragonFly Mailer Agent) now!
- Audit the code and do lots of regression and quality testing.
- Either remove the code or finish things like native SNMP daemon (BSNMP) code.
- Drop the politics and finish native sensoring framework. Do not allow IMPI to run on generic kernel due to security issues.
- Fix the syslog daemon. Seriously. Take the clue what OpenBSD have done with its own syslog daemon.
On these I can mostly agree. Ax Kerberos, PAM,OpenSSL and Sendmail. DMA is decent enough.
- Move PF and IPFilter to ports or completely remove it. Keep IPFW in the base and enable it by default with sane defaults (obviously will not be able to be too restricitive). Once you move them to ports, synchronize PF and IPFilter with upstream or drop it completely. No pseudo forks please.
I think we both agree maintaining three firewalls is insane. I like PF, so I'd rather see IPFW go the way of the dodo because it's a confusing mess and as bad, in the few times I've tried it, as Linux's IPTables. I especially don't get the scripting config file... like what the heck were they thinking.
- Remove all softraid UFS disciplines from the base except 0, 1, and 10. Make sure system can be easily booted from raid 1.
- Improve UFS Journaling. Learn about WAPBL.
How about we just port the NetBSD WAPBL/UFS implementation? That would even remove the problematic soft-updates, which I thought for a long damn time was a good idea until I realized how complex it really is. I'm aware that 'porting' from one BSD to another isn't easy, but it's better than writing it from scratch.
- Import beadm into the base and make update aware of beadm (run snapshot before doing updates).
- Import some basic ZFS snapshot and replication utilities into the base and test it mercilessly. One should be able to schedule snapshots and replication (both full and incremental including deleting things on the target) with the tools from the base.
- Import one of the Jail management tools with ZFS integration into the base (seems that iocell is now a good candidate). Make sure that is fully scriptable and easy to use with some kind orchestration software like my favorite Ansible.
- Having build in hot migration/failover ZFS based jails would be really nice.
I feel like the overreliance on ZFS as a killer feature is a little... risky. For one, ZFS is really a bloated FS, and while BTRFS is in development hell, and HAMMER2 is going to be "ready when it is ready" I'd, IMHO, quickly deprecate ZFS for HAMMER2 - and maybe work with the DFBSD team to ensure it's cross-compatibility. I'd like to see the BSDs work more closely together.
- Drop legacy platforms (FreeBSD was always focused on i386 anyway and not very portable). Focus on amd64, ARM (when it make sense, drop raspberry pi nonsense), and MIPS64 routing hardware.
I would focus on x64/amd64, ARM64 (The RPi isn't nonsense!), and POWER64el. MAYBE SPARC64 if there was significant interest. POWER is a great platform and with the way amd64 is going (un-nukable Management Engines, increasingly closed hardware) I'd like to spin up POWER64. Focusing on MIPS64 is hahaha because MIPS is a blobbed architecture with too many pitfalls from vendors to be worth it. MIPS was great in the IRIX days, don't get me wrong, but today? Shell of its former self.
- Adopt a significant project which is important to everyone like Portable C Compiler and native bin utils and write them. Be innovators like OpenBSD and DragonFly people. You are not widely used commercial system so there is nothing to be afraid of.
Agreed. LLVM is cool and all but it isn't a BSD project. We need a better long term solution if LLVM won't be the end all be all.
- Making sure that FreeBSD compiles with LLVM is cool but LLVM should not be in the base in particularly now after they change the license to non-free Apache2 license.
- Aggressively remove the obsolete software from the ports three and even remove current software if the ports are not properly maintained.
- Do something about the desktop. X was always clunky on FreeBSD comparing to OpenBSD Xenocara. Either focus on the minimal set of useful things or drop the damn thing all together.
- Get systemd fake interface for desktop applications before it is too late. Large parts of Linux desktop eco system will soon 100% depend on systemd. That thing will no longer run on FreeBSD.
First off, LLVM is not Apache2.
http://releases.llvm.org/ It's a OSI approved license similar to the BSD.
On culling old ports - there's some software in ports one may term obsolete (no longer maintained) but it's relatively stable and I'd like to not get too hasty.
On the desktop, we simply need to stop reinventing the wheel. All of the BSDs should adopt the OpenBSD Xenocara in base, and we should, quid pro quo, in return help the rest of the BSD community by maintaining our own parts of the community for others to reap the benefits
On the desktop, I'm in disagreement. We should simply stop trying already to keep up with the desktops that require logind, networkd and other systemd components. Drop support for GNOME and KDE directly. We're never going to be able to stop the systemd train, so I say stop trying - we should roll our own, preferably without dbus and other Linuxisms. We already have Lumina, we should be able to make an i3-based DE, and bring the CDE (which is LGPL, not a huge deal since it's linkable) into ports. I've decided dbus isn't worth it so much that I even emulate the Windows port of Thunderbird under WINE since I can't stand running dbus.