From: Jeffrey Walton <noloader@gmail.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: [ANNOUNCE] WireGuardNT, a high-performance WireGuard implementation for the Windows kernel
Date: Sun, 12 Sep 2021 17:54:05 -0400 [thread overview]
Message-ID: <CAH8yC8=m72gvv3U-mbs5ib3eT79m+VNAX9s3muj63mHgoaD7Ew@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9ruyCFABTB1S1RYC5CSCBWPr2eqCZDCszDX4NZNR-vi9g@mail.gmail.com>
Hi Jason,
On Sun, Sep 12, 2021 at 5:11 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> ...
> Finally, tomorrow with the release of v0.4.8, we will move onto phase
> 2. That means that WireGuardNT will be on by default. If something
> goes wrong, you will still be able to disable it and revert to the
> older wireguard-go/Wintun using the "UseUserspaceImplementation"
> switch described on this page (as of September 2021; will be removed
> in the future):
>
> https://git.zx2c4.com/wireguard-windows/about/docs/adminregistry.md
>
> But note that if you /do/ revert to using wireguard-go/Wintun, you
> *must* absolutely email team@wireguard.com with details as to why
> you've done so, so that if there is a bug, we can fix it. If you do
> not do this, it is possible that your bug will never be fixed, and in
> a month or so, we'll move onto phase 3, and you will lose the ability
> to revert to using wireguard-go/Wintun. Do not rely on other people to
> report your bug for you; Windows is weird and diverse and there are no
> guarantees that somebody else will run into your same problem. So
> please: if you enable "UseUserspaceImplementation", send an email
> saying why.
One month to move into the next phase may be a bit tight for some
folks. 30 days is probably fine for a developer or standalone
installation, but some organizations cannot move that fast.
I've worked in US Financial and US Federal, and some changes take
longer to approve. Some organizations have processes in place that
require approvals from management. It may take months to get a Change
Control Request approved.
When I worked at Treasury a trivial change could take two or three
months and it required management signoffs and complete testing before
being released to the production network. Nearly everyone dreaded a
Change Control Request.
It may be noteworthy... on Windows OSes, the trend is to move stuff
out of the kernel and into userspace to reduce risk. For example,
Microsoft moved parts of the GDI out of the kernel and into userspace.
So some folks may actually want the userland architecture to reduce
risk.
Jeff
next prev parent reply other threads:[~2021-09-12 21:57 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-02 17:27 Jason A. Donenfeld
2021-08-13 11:52 ` Jason A. Donenfeld
2021-08-13 15:58 ` Re[2]: " Hendrik Friedel
2021-08-13 16:09 ` Peter Whisker
2021-08-14 11:03 ` Phillip McMahon
2021-08-14 21:37 ` Morten Christensen
2021-08-16 8:15 ` nomad
2021-09-09 11:41 ` Jason A. Donenfeld
2021-09-12 21:06 ` Jason A. Donenfeld
2021-09-12 21:54 ` Jeffrey Walton [this message]
2021-09-18 0:27 ` Jason A. Donenfeld
2021-10-17 5:08 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAH8yC8=m72gvv3U-mbs5ib3eT79m+VNAX9s3muj63mHgoaD7Ew@mail.gmail.com' \
--to=noloader@gmail.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).