lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200711270121.43587.rjw@sisk.pl>
Date:	Tue, 27 Nov 2007 01:21:42 +0100
From:	"Rafael J. Wysocki" <rjw@...k.pl>
To:	Adrian Bunk <bunk@...nel.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
Subject: Re: [RFC][PATCH] Update REPORTING-BUGS

On Tuesday, 27 of November 2007, Adrian Bunk wrote:
> On Mon, Nov 26, 2007 at 11:44:24PM +0100, Rafael J. Wysocki wrote:
> > On Monday, 26 of November 2007, Adrian Bunk wrote:
> > > On Mon, Nov 26, 2007 at 01:51:37AM +0100, Rafael J. Wysocki wrote:
> > > > On Monday, 26 of November 2007, Adrian Bunk wrote:
> >...
> > > > > We will never get 100% of all bugs fixed.
> > > > > 
> > > > > Let's get back to the fact that we have many bug reports that could be 
> > > > > fixed within a reasonable amount of time but are not.
> > > > 
> > > > Do you have specific examples?
> > > 
> > > Take e.g. #3938
> > 
> > Are you sure that this one hasn't been fixed?  The reporter doesn't seem to be
> > responsive ...
> > 
> > > or #4039
> > 
> > Same here.
> 
> Saying "reporter doesn't seem to be responsive" is a joke if there was
> zero activity in solving any of these bugs for nearly three years.
> 
> They might (or might not) be fixed by chance now, but they should have
> been fixed in the beginning of 2005 as a result of the bug reports.
> 
> You can now claim these are too old, but you'll find for any bug age 
> bugs that both should be solvable for a developer knowing the kernel 
> code in question and that have not been seriously debugged.

Arguably, we can't be sure that the bug wasn't worked on just because there's
no confirmation of that in the Bugzilla.  It _probably_ wasn't, but in fact
that's uncertain.

OTOH, in both cases above you can't even assume that the appropriate developer
was _aware_ of the bug report.

Which, BTW, is a problem even with the Bugzilla as it is configured today: it
doesn't give you any guarantee that the bug report is heard of by the right
people (unless, of course, it's forwarded to them by Andrew, that is, but this
"mechanism" is not exactly a part of the Bugzilla itself ;-)).

For this reason, I'd like the maintainers/developers of every subsystem to
provide us with an address of a mailing list considered as appropriate for
sending bug reports related to this particular subsystem.  Then, we can make
the Bugzilla forward bug reports to these lists, so that Andrew or anyone else
need not handle that manually.

Now, if we have such lists set up for all subsystems, we'll be able to just
tell users to send bug reports there, either using the Bugzilla, or directly,
with the assumption that the right people get those reports.

Then, the "we didn't know about the report" kind of excuse won't be viable any
more and we'll be able to exert more directed pressure at the subsystems that
aren't good enough at handling bugs.

Greetings,
Rafael
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ