lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Jun 2009 12:04:54 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Krzysztof Halasa <khc@...waw.pl>
cc:	Jake Edge <jake@....net>,
	"Luis R. Rodriguez" <lrodriguez@...eros.com>,
	Pavel Machek <pavel@....cz>, Greg KH <greg@...ah.com>,
	"corbet@....net" <corbet@....net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"alan@...rguk.ukuu.org.uk" <alan@...rguk.ukuu.org.uk>,
	"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"tshibata@...jp.nec.com" <tshibata@...jp.nec.com>
Subject: Re: [PATCH v3.1415] Documentation: add documentation summary for
 rc-series and merge window



On Tue, 23 Jun 2009, Krzysztof Halasa wrote:
> 
> I would say, to address regressions and fix bugs. Not only those added
> recently, though obviously older bugs should have already been fixed.

The thing is, I don't take bug fixes late in the -rc just because they are 
bug fixes.

And I really shouldn't.

If it's an old bug, and doesn't cause an oops or a security issue, it had 
damn well better wait for the next merge window. There is absolutely _no_ 
reason to just blindly "fix bugs" at the end of the rc stage, because 
quite frankly, the risks coming from fixing a bug is often bigger than the 
advantage.

Even "obvious bugs" may be things that people depend on, or that other 
parts of the kernel simply rely on indirectly. For a recent example of 
this, see what happened when we fixed an obvious bug on x86-64 to check 
user space addresses properly: it turns out that 'strnlen_user()' depended 
on the bug ("misfeature"), and had to be fixed when the bug was fixed.

So no. Regressions really are _different_ from "fixing bugs".

Regressions need to be fixed even if it may even re-introduce another 
long-time bug - simply because we're much better off with a _consistent_ 
set of bugs where people can depend on their machine either working or 
not, than with some kind of unstable situation that never gets anywhere 
(we found that out the hard way with both ACPI and power management).

So the end result is:

 - we always want to fix bugs

 - but the primary time to fix bugs is during the merge window

 - after the merge window closes, the effort should be on _regressions_, 
   nothing else.

 - security issues and oopses etc catastrophic bugs obviously need to be 
   handled at any stage.

IOW, "it fixes a bug" is _not_ sufficient. The real issue is "it _really_ 
can't wait to the next merge window", not "bug or not".

				Linus
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ