lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071008184029.GA31906@linux.intel.com>
Date:	Mon, 8 Oct 2007 11:40:29 -0700
From:	Mark Gross <mgross@...ux.intel.com>
To:	Jonathan Corbet <corbet@....net>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: RFC: reviewer's statement of oversight

On Mon, Oct 08, 2007 at 11:24:45AM -0600, Jonathan Corbet wrote:
> Last month, at the kernel summit, there was discussion of putting a
> Reviewed-by: tag onto patches to document the oversight they had
> received on their way into the mainline.  That tag has made an
> occasional appearance since then, but there has not yet been a
> discussion of what it really means.  So it has not yet brought a whole
> lot of value to the process.
> 
> As I was trying to sleep last night, it occurred to me that what we
> might need is an equivalent of the DCO for the Reviewed-by tag.  To that
> end, I dedicated a few minutes of my life to the following bit of text.
> It's really just meant to be a starting point for the discussion.  Is
> the following something close to what we understand Reviewed-by to mean? 
> 
> jon
> 
> 
> Reviewer's statement of oversight v0.01
> 
> By offering my Reviewed-by: tag, I state that:
> 
>  (a) I have carried out a technical review of this patch to evaluate its
>      appropriateness and readiness for inclusion into the mainline kernel. 
> 
>  (b) Any problems, concerns, or questions relating to the patch have been
>      communicated back to the submitter.  I am satisfied with how the
>      submitter has responded to my comments.
> 
>  (c) While there may (or may not) be things which could be improved with
>      this submission, I believe that it is, at this time, (1) a
>      worthwhile addition to the kernel, and (2) free of serious known
>      issues which would argue against its inclusion.

C-1 "worthwhile addition..." Probably shouldn't be part of this.  That's
what additional Signed off by ACK's provide.  I think reviewed by should
limit its scope to code correctness leaving the subjective "worthwhile"
statements are better expressed with other tags.

> 
>  (d) While I have reviewed the patch and believe it to be sound, I can not
>      (unless explicitly stated elsewhere) make any warranties or guarantees
>      that it will achieve its stated purpose or function properly in any
>      given situation.
> 
>  (e) I understand and agree that this project and the contribution are
>      public and that a record of the contribution (including my Reviewed-by
>      tag and any associated public communications) is maintained
>      indefinitely and may be redistributed consistent with this project or
>      the open source license(s) involved.
> -

I think this is a good thing to have, although recruiting reviews remains
an open issue.

I think it would be easier to recruit patch testers than reviewers
should a Tested-by: tag be considered as well?

--mgross
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ