lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 6 Aug 2008 14:52:01 +0200
From:	"Vegard Nossum" <vegard.nossum@...il.com>
To:	"Mike Frysinger" <vapier.adi@...il.com>
Cc:	"Bryan Wu" <cooloney@...nel.org>, "Julia Lawall" <julia@...u.dk>,
	"Alexey Dobriyan" <adobriyan@...il.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] blackfin/sram: use 'unsigned long' for irqflags

On Wed, Aug 6, 2008 at 2:14 PM, Mike Frysinger <vapier.adi@...il.com> wrote:
>>>> The patch was generated using the Coccinelle semantic patch framework.
>>>
>>> spam ?
>>
>> Hm? I'm sorry, I don't understand what you mean by that. Do you think
>> the credit is undeserved?
>
> *shrug* ... i dont see other patches with things like:
> The patch was generated with git.
> The patch was generated with eclipse.
> The patch was generated with emacs.
> etc...
>
> we dont generally list all of the tools in the log message that was
> used in *creating* a patch since it doesnt really add any value when
> looking back historically at changes.

Hm. I agree that git/eclipse/emacs/etc. information is not very
useful. However...

For errors found with lockdep, we usually put either the lockdep
output in the commit message or say that it was found with lockdep.
Having this information in the log is useful because it also
establishes a track record for the tool which was used to discover/fix
the error.

Arguably, the semantic patch itself should be present in the log as
well. There are different practices here, but in this case, the patch
was quite long, and has already been included in a pending commit. Now
others may use the same semantic patch (or a variation of it) and
possibly find more "bad" code (possibly introduced after the semantic
patch was first applied!).

It seems that the practice of including a reference to the tool is
already widespread, though, for example:

    $ git log v2.6.26-rc2 | grep -ci 'semantic patch'
    72

    $ git log v2.6.26-rc2 | grep -ci coverity
    495

etc.


Vegard

PS: This is a bit of a sore spot for me having been directly involved
with the development of another such tool (kmemcheck). I will always
ask for kmemcheck to be credited in the log whenever it is used to
find and fix genuine programmer errors, simply because that's the best
way to measure its usefulness :-)

-- 
"The animistic metaphor of the bug that maliciously sneaked in while
the programmer was not looking is intellectually dishonest as it
disguises that the error is the programmer's own creation."
	-- E. W. Dijkstra, EWD1036
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ