lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4631219D.4060402@gmail.com>
Date:	Fri, 27 Apr 2007 00:03:09 +0200
From:	Rene Herman <rene.herman@...il.com>
To:	Adrian Bunk <bunk@...sta.de>
CC:	Randy Dunlap <randy.dunlap@...cle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	"Robert P. J. Day" <rpjday@...dspring.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Marcel Holtmann <marcel@...tmann.org>,
	Christoph Hellwig <hch@...radead.org>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: MODULE_MAINTAINER

On 04/26/2007 05:52 PM, Adrian Bunk wrote:

> I don't think we want to expose maintainership information to users at 
> all:

With the point you make about old installed kernel modules having outdated 
information forever you've in fact convinced me that MODULE_MAINTAINER is 
not a good idea. If I decide after some time that I no longer want to be a 
maintainer anymore, I can delete the MODULE_MAINTAINER and/or the entry in 
MAINTAINERS in the current kernel, but I could be getting mail for a long 
time still through old installs.

The problem I still have is that we _do_ expose authorship information, 
generally complete with (an) email address(es), which is the only address 
available from the binary and which is displayed on every invocation of the 
user tool "modinfo". Proper contact information may rather be available from 
a text file off in a source tree somewhere instead, but this information is 
ofcourse going to remain being interpreted as such however one may feel 
about it.

Deleting authorship information can't happen for legal reasons. Not in the 
global "delete them all" sense but also not in a local sense; a maintainer 
doesn't have the right to delete a MODULE_AUTHOR tag but not being able to 
additionally supply contact information _alongside_ that information then 
leaves the confusing message the tag sends as is.

Deleting the email addresses from the MODULE_AUTHOR tag would go some ways 
to fix it; it's then at least clearer that the author is not being displayed 
as a general contact for the driver. It may on the other hand want to remain 
as a legal contact and I only know of "modinfo" as a normal way of listing 
the tags, so even a very minimal solution such as having modinfo supress the 
author tag, or even just any email address in it, would be good enough.

Rene.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ