| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Nov 2007 22:56:01 +0100 (CET) From: Christian Kujau <lists@...dbynature.de> To: Andrew Morton <akpm@...ux-foundation.org> cc: linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org Subject: Re: [BUG] New Kernel Bugs On Tue, 13 Nov 2007, Andrew Morton wrote: > There are a number of process things we _could_ do. Like > - have bugfix-only kernel releases Adrian Bunk does (did?) this with 2.6.16.x, although it always seemed to me like an unrewarded one man show. AFAIK not even the big distros are begging for bugfix-only versions, as they too want to have (sell) new features. Mission critical systems might want to require such versions, but I guess they're using heavily customized trees anyway. > - Just refuse to merge any non-bugfix patches for a subsystem when it is > determined that the subsystem has "too many" regressions. Hm, that's what I had in mind. Has this been tried already? > - Create an "if you added a regression, you should fix some other bug > too" rule. Naah, I'm not really in favour of blaming someone. The kernel doesn't have SLA contracts (yet), so no need for giving out penalties :) > But we can't/shouldn't do any of that until it is generally agreed that we > have a problem and that the problem is of sufficient magnitude that process > changes are needed to address it. We aren't at that stage yet. Keeping track of the (number of) regressions / bugs each release seems to be a good start, IMHO. > process changes, they all would be aimed at a single thing: shifting some > of the developers' time away from <otherstuff> and onto bugfixing. True. Implementing "only bugfixes from now on" (i.e. a longer freeze-window) would perhaps speed up the shifting a bit: $developer can still do $otherstuff all day long, but it won't get merged anyway, because we're in "only bugfixes from now on"-mode. > At this stage the only tool which is being deployed to attempt to bring > about that reprioritisation is suasion. aka "lkml flamewar". True. But I just noticed that I have to distinguish between "flamewars" and "fierce discussions": if I'd imagine a room with ~50 developers/bystanders brainstorming on a issue like this (at the same time, without the wonderful delay of writing/sending an email), it'd feel much more uncomfortable. Christian. -- BOFH excuse #433: error: one bad user found in front of screen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists