| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20071008110614.dd671fc7.randy.dunlap@oracle.com> Date: Mon, 8 Oct 2007 11:06:14 -0700 From: Randy Dunlap <randy.dunlap@...cle.com> To: Jeremy Fitzhardinge <jeremy@...p.org> Cc: Jan Engelhardt <jengelh@...putergmbh.de>, Sam Ravnborg <sam@...nborg.org>, Jonathan Corbet <corbet@....net>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Pekka Enberg <penberg@...helsinki.fi> Subject: Re: RFC: reviewer's statement of oversight On Mon, 08 Oct 2007 11:01:49 -0700 Jeremy Fitzhardinge wrote: > Jan Engelhardt wrote: > >> Acked-by: > >> Tested-by: > >> > > > > * Used by random people to express their (dis)like/experience with the > > patch. > > > > Tested-by is more valuable than acked-by, because its empirical. > Acked-by generally means "I don't generally object to the idea of the > patch, but may not have read beyond the changelog". Tested-by implies > "I did something that exercised the patch, and it didn't explode" - > that's on par with an actual review (ideally all patches would be both > tested and reviewed). but Tested-by: doesn't have to involve any "actually looking at/reading the patch." Right? IOW, the patch could be ugly as sin but it works... > >> Reviewed-by: > >> > > > > * I am maintaner or an 'important' person and have had a > > look at it in depth > > > > Hm. We have a tension here: > > * there aren't enough reviewers > * some reviews are more useful than others > > While a review by a trustworthy person is invaluable, we don't want to > discourage people from reviewing. A new reviewer's review may not be > terribly useful, but a meta-review may help improve it. Or it could be > a great review. > > I guess I'm proposing that we also need to expand the reviewer base, and > to do so we need some kind of reviewer-mentoring or metareview process. > Of course that could just be an extra burden on the existing (small) > trusted reviewer base, but the hope is that over time the reviewer pool > size grows enough to make the effort worthwhile... > > > >> Cc: > >> > > > > * Used by original submitter to denote additional maintainers it goes to > > * Parties who should be Cced when an a posteriori question comes up > > > > Well, any interested parties, really. I use it for original bug > reporters, people who followed up on the report, people who have patches > in a nearby area, people who are known to be interested in the affected > subsystem, people who have reviewed previous versions of the patch, etc... --- ~Randy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists