lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 23 Nov 2020 08:32:41 -0800
From:   Joe Perches <joe@...ches.com>
To:     James Bottomley <James.Bottomley@...senPartnership.com>,
        Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Jakub Kicinski <kuba@...nel.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        alsa-devel@...a-project.org, amd-gfx@...ts.freedesktop.org,
        bridge@...ts.linux-foundation.org, ceph-devel@...r.kernel.org,
        cluster-devel@...hat.com, coreteam@...filter.org,
        devel@...verdev.osuosl.org, dm-devel@...hat.com,
        drbd-dev@...ts.linbit.com, dri-devel@...ts.freedesktop.org,
        GR-everest-linux-l2@...vell.com, GR-Linux-NIC-Dev@...vell.com,
        intel-gfx@...ts.freedesktop.org, intel-wired-lan@...ts.osuosl.org,
        keyrings@...r.kernel.org, linux1394-devel@...ts.sourceforge.net,
        linux-acpi@...r.kernel.org, linux-afs@...ts.infradead.org,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        linux-arm-msm@...r.kernel.org,
        linux-atm-general@...ts.sourceforge.net,
        linux-block@...r.kernel.org, linux-can@...r.kernel.org,
        linux-cifs@...r.kernel.org,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        linux-decnet-user@...ts.sourceforge.net,
        Ext4 Developers List <linux-ext4@...r.kernel.org>,
        linux-fbdev@...r.kernel.org, linux-geode@...ts.infradead.org,
        linux-gpio@...r.kernel.org, linux-hams@...r.kernel.org,
        linux-hwmon@...r.kernel.org, linux-i3c@...ts.infradead.org,
        linux-ide@...r.kernel.org, linux-iio@...r.kernel.org,
        linux-input <linux-input@...r.kernel.org>,
        linux-integrity@...r.kernel.org,
        linux-mediatek@...ts.infradead.org,
        Linux Media Mailing List <linux-media@...r.kernel.org>,
        linux-mmc@...r.kernel.org, Linux-MM <linux-mm@...ck.org>,
        linux-mtd@...ts.infradead.org, linux-nfs@...r.kernel.org,
        linux-rdma@...r.kernel.org, linux-renesas-soc@...r.kernel.org,
        linux-scsi@...r.kernel.org, linux-sctp@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-stm32@...md-mailman.stormreply.com,
        linux-usb@...r.kernel.org, linux-watchdog@...r.kernel.org,
        linux-wireless <linux-wireless@...r.kernel.org>,
        Network Development <netdev@...r.kernel.org>,
        netfilter-devel@...r.kernel.org, nouveau@...ts.freedesktop.org,
        op-tee@...ts.trustedfirmware.org, oss-drivers@...ronome.com,
        patches@...nsource.cirrus.com, rds-devel@....oracle.com,
        reiserfs-devel@...r.kernel.org, samba-technical@...ts.samba.org,
        selinux@...r.kernel.org, target-devel@...r.kernel.org,
        tipc-discussion@...ts.sourceforge.net,
        usb-storage@...ts.one-eyed-alien.net,
        virtualization@...ts.linux-foundation.org,
        wcn36xx@...ts.infradead.org,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
        xen-devel@...ts.xenproject.org, linux-hardening@...r.kernel.org,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nathan Chancellor <natechancellor@...il.com>,
        Miguel Ojeda <ojeda@...nel.org>
Subject: Re: [PATCH 000/141] Fix fall-through warnings for Clang

On Mon, 2020-11-23 at 07:58 -0800, James Bottomley wrote:
> We're also complaining about the inability to recruit maintainers:
> 
> https://www.theregister.com/2020/06/30/hard_to_find_linux_maintainers_says_torvalds/
> 
> And burn out:
> 
> http://antirez.com/news/129

https://www.wired.com/story/open-source-coders-few-tired/

> What I'm actually trying to articulate is a way of measuring value of
> the patch vs cost ... it has nothing really to do with who foots the
> actual bill.

It's unclear how to measure value in consistency.

But one way that costs can be reduced is by automation and _not_
involving maintainers when the patch itself is provably correct.

> One thesis I'm actually starting to formulate is that this continual
> devaluing of maintainers is why we have so much difficulty keeping and
> recruiting them.

The linux kernel has something like 1500 different maintainers listed
in the MAINTAINERS file.  That's not a trivial number.

$ git grep '^M:' MAINTAINERS | sort | uniq -c | wc -l
1543
$ git grep '^M:' MAINTAINERS| cut -f1 -d'<' | sort | uniq -c | wc -l
1446

I think the question you are asking is about trust and how it
effects development.

And back to that wired story, the actual number of what you might
be considering to be maintainers is likely less than 10% of the
listed numbers above.


Powered by blists - more mailing lists