lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Oct 2018 15:00:18 -0400
From:   Sasha Levin <sashal@...nel.org>
To:     Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc:     Michael Schmitz <schmitzmic@...il.com>,
        "3.8+" <stable@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Andreas Schwab <schwab@...ux-m68k.org>,
        alexander.levin@...rosoft.com
Subject: Re: [PATCH AUTOSEL 4.18 24/58] Input: atakbd - fix Atari CapsLock
 behaviour

On Wed, Oct 10, 2018 at 11:36:09AM -0700, Dmitry Torokhov wrote:
>On Wed, Oct 10, 2018 at 02:11:48PM -0400, Sasha Levin wrote:
>> There is a big difference between distros and the stable trees. Distros
>> know who their users/customers are, OTOH we have no clue who the users
>> of stable trees are.
>>
>> I think Greg's last estimate was that about 1/3 of the kernels in the
>> wild are custom based on a kernel.org stable kernel, which means that we
>> have no visibility as to what they do with the kernel. If you don't know
>> who your users are, how can you prioritize some subsystems over others?
>
>You make a judgement call, based on the data you have. And I think if
>you want override maintainer decision you need a decent justification,
>better than "it is easy to backport" or "we do not know if someone might
>use it".

I'll never override a maintainer with regards to whether a patch will go
in stable or not. We're having this discussion only because you posed a
question rather than NAKed it. If you want me to drop this or any other
patch I'll happily do that.

>>
>> I don't think we can do any of that because we don't know who uses the
>> kernel and what bugs they hit, or don't hit.
>
>They should file bugs, report on mailing lists, and so on. If they hit
>bugs and do not bother to report them anywhere, it is not our problem.
>They need to be part of community.

The tricky part I see here is being able to say "this is a kernel bug".
Given an average user who's capslock key stops working, do you really
expect them to diagnose this as a kernel issue? Most users don't even
know what the kernel is.

>> This is one of the reasons
>> we ask everyone to pick everything, if they don't use whatever code we
>> changed they won't be affected at all.
>
>Or there is unexpected behavior change and they are affected. What do
>you do if users of atakbd adjusted their userspace for the broken kernel
>map? From my POV it is OK-ish to change in new kernel release, but
>not in a middle of "stable" series.

Fair enough, we usually do that trade-off based on how complex a patch
is rather than how many users a certain driver has.

>>
>> As a trivial example: we run a few kernels with custom configs in
>> Microsoft. Can you tell which drivers we use and how many machines use
>> them? Us not showing up in git log doesn't mean we don't use something,
>> it just means that the stable process works for us.
>
>I can tell you that you are not using atakbd ;)
>
>Look, if we are talking about Microsoft, what are criteria for changes
>that are going into "patch tuesday" releases? Is it any random junk that
>might land on top of the development tree? Or is it just a bit more
>disciplined? Like Release managers looking at the incoming problem
>report rates and make a judgement call as to whether pull the fix in or
>wait for bigger maintenance release? In ChromeOS land it is the latter.

Exactly! If we'd have a system to report bugs and issues where these are
automatically sent back to the mothership like on Windows I'd agree
with you. But for now we have shit for bugtracker and noisy LKML that no
one reads. And this assumes that a user knows what this mystical
"kernel" thing is.

As you might know, Microsoft is rather new in the Linux field, and we
sometimes have a "what is the linux kernel?" discussions. This is
inside a TECH company. I can't iamgine a lay person knows what a kernel
is.

It's hard to expect those users to do that much footwork to report bugs.

--
Thanks,
Sasha

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ