any implicit behavior
ok eric@, kn@

ok eric@

when -F is used. Because of this allow rc.d script to reload sndiod.
OK kn ratchov aja

unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...).  Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.

dnssec the sysadmin has some idea what's going on in logs, and
"aggressive-nsec: yes", if we're using dnssec anyway we might as well
get the benefits. These were both enabled last time dnssec was enabled
in this sample unbound.conf.
ok florian@

OK deraadt@ otto@

avoids DNS lookups entirely, but yes this https is correctly validated)
long discussions with otto, florian, and the quad9 crew.

other methods failed to inject/churn the rng enough.  Move it up far earlier.
ok naddy sthen kettenis

responsive during packages compilation, especially on slower machines.
feedback welcome from people building ports
discussed with deraadt@

from brad@
ok bluhm@ claudio@ deraadt@

OK deraadt@

file to contain two hashes for bsd.mp, and cause later upgrade problems
spotted by afresh1

things and can easily exceed the previous 1.5GB limit.
(obviously, as with amd64, machines with less physical RAM won't cope with
building the largest ports).
ok deraadt phessler millert kettenis

as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects.  ok deraadt

as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@

for enabling devel/jdk/11 there.
okay phessler@

ok jmc millert

machdep.pwraction
ok jmc millert

some cases also the serial console) such that X can use it as its VT
when running without root privileges.
ok jsg@, matthieu@

violations in system accounting.  This will help to find missbehaving
programs and possible attacks.  The flags bit field is full, so
recycle the PDP-11 compatibility on VAX.  lastcomm(1) prints the
AMAP flag as 'M'.  daily(8) prints a list of affected processes.
OK deraadt@

ok semarie@

prodded by deraadt@
ok kn@ deraadt@ tb@

ok deraadt@ kn@

build in 5 GB of memory. Bump default datasize for pbuild to 6 GB.
ok landry@ ajacoutot@

shipeed by default).
OK job@ sthen@ deraadt@

these are public files.
Agreed by deraadt@ (and florian@)

approach was not right, and there is still room for improvement.
OK deraadt@

OK deraadt@

the size of the "boot" file.
OK deraadt@

input Janne Johansson, schwarze@; OK deraadt@ millert@

in the default smtpd.conf and smtpd.conf(5) manual page. This
eliminates ambiguity in our documentation examples that can cause
confusion.
Input and OK deraadt@ schwarze@ kn@