Open Source and information security mailing list archives
 
Date:	Mon, 8 Oct 2007 11:40:29 -0700
From:	Mark Gross <mgross@...ux.intel.com>
To:	Jonathan Corbet <corbet@....net>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: RFC: reviewer's statement of oversight

On Mon, Oct 08, 2007 at 11:24:45AM -0600, Jonathan Corbet wrote:
> Last month, at the kernel summit, there was discussion of putting a
> Reviewed-by: tag onto patches to document the oversight they had
> received on their way into the mainline.  That tag has made an
> occasional appearance since then, but there has not yet been a
> discussion of what it really means.  So it has not yet brought a whole
> lot of value to the process.
> 
> As I was trying to sleep last night, it occurred to me that what we
> might need is an equivalent of the DCO for the Reviewed-by tag.  To that
> end, I dedicated a few minutes of my life to the following bit of text.
> It's really just meant to be a starting point for the discussion.  Is
> the following something close to what we understand Reviewed-by to mean? 
> 
> jon
> 
> 
> Reviewer's statement of oversight v0.01
> 
> By offering my Reviewed-by: tag, I state that:
> 
>  (a) I have carried out a technical review of this patch to evaluate its
>      appropriateness and readiness for inclusion into the mainline kernel. 
> 
>  (b) Any problems, concerns, or questions relating to the patch have been
>      communicated back to the submitter.  I am satisfied with how the
>      submitter has responded to my comments.
> 
>  (c) While there may (or may not) be things which could be improved with
>      this submission, I believe that it is, at this time, (1) a
>      worthwhile addition to the kernel, and (2) free of serious known
>      issues which would argue against its inclusion.

C-1 "worthwhile addition..." probably shouldn't be part of this.  That's
what additional Signed-off-by ACKs provide.  I think Reviewed-by should
limit its scope to code correctness; the subjective "worthwhile"
statements are better expressed with other tags.

> 
>  (d) While I have reviewed the patch and believe it to be sound, I can not
>      (unless explicitly stated elsewhere) make any warranties or guarantees
>      that it will achieve its stated purpose or function properly in any
>      given situation.
> 
>  (e) I understand and agree that this project and the contribution are
>      public and that a record of the contribution (including my Reviewed-by
>      tag and any associated public communications) is maintained
>      indefinitely and may be redistributed consistent with this project or
>      the open source license(s) involved.
> -

I think this is a good thing to have, although recruiting reviews remains
an open issue.

I think it would be easier to recruit patch testers than reviewers.
Should a Tested-by: tag be considered as well?

--mgross