lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4DD692D5.6010400@redhat.com>
Date:	Fri, 20 May 2011 11:12:05 -0500
From:	Eric Sandeen <sandeen@...hat.com>
To:	"Ted Ts'o" <tytso@....edu>
CC:	Lukas Czerner <lczerner@...hat.com>, linux-ext4@...r.kernel.org
Subject: Re: [PATCH 4/4] ext4: fix possible use-after-free ext4_remove_li_request()

On 5/20/11 11:03 AM, Ted Ts'o wrote:
> Lukas, are you going to be providing a new version of these patch
> series or not?  
> 
> If you are, could you do it as a separate patch series, instead of
> only updating one patch as a reply to the mail thread.  When people do
> this, I find it painful since I need to figure out, "ok, I need v2 of
> the 1/4 patch, v3 of the 2/4 patch, v4 of the 3/4 patch, and v3 of of
> the 4/4 patch.  To provide context, please add version descriptors
> after the --- of the patch.  (i.e, "v3 --> v4; fixed commit message")
> 
> Also, if we're going to be doing extended review of patches like this,
> instead of my just fixing things up when I pull stuff in, people need
> to start authoring patches ***much*** sooner.  Doing multiple publish
> and review cycles now that the merge window is open really doesn't
> work.  One way of solving this in the future is to simply not take any
> patch that is first submitted after say, -rc5 or -rc6 until the next
> merge window.  But given that some patches didn't *start* getting much
> review until 2-3 weeks ago, that wouldn't be entirely fair.
> 
> But for the next merge window, if this is going to work, we need
> people submitting patches earlier, and people reviewing patches
> earlier.

How about a reasonable sounding convention like: if it's non-critical
it's too late, but if it's critical you'll try to get it in.

Windows are windows, reviews are reviews, and if it's too late,
it's too late ... You ultimately get to decide what goes in
and when.

But skipping thorough review simply because the window is open now
doesn't make sense to me.

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ