Message-ID: <20080221140855.6aea8cc1@laptopd505.fenrus.org>
Date:	Thu, 21 Feb 2008 14:08:55 -0800
From:	Arjan van de Ven <arjan@...radead.org>
To:	Adrian Bunk <bunk@...nel.org>
Cc:	Roland Dreier <rdreier@...co.com>,
	Linus Torvalds <torvalds@...l.org>,
	Glenn Streiff <gstreiff@...Effect.com>,
	Faisal Latif <flatif@...Effect.com>,
	linux-kernel@...r.kernel.org, general@...ts.openfabrics.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Greg Kroah-Hartman <greg@...ah.com>
Subject: Re: Merging of completely unreviewed drivers

On Thu, 21 Feb 2008 23:01:24 +0200
Adrian Bunk <bunk@...nel.org> wrote:

> [ Linus Added to the To: since I want to hear his opinion on this
> issue. ]
> 
> On Thu, Feb 21, 2008 at 12:28:55PM -0800, Roland Dreier wrote:
> >  > This driver should really have gotten some review before being
> >  > included in the kernel.
> > 
> >  > Even a simple checkpatch run finds more than > 250 stylistic
> >  > errors (not code bugs but cases where the driver violates the
> >  > standard code formatting rules of kernel code).
> > 
> > Linus has strongly stated that we should merge hardware drivers
> > early, and I agree: although the nes driver clearly needs more
> > work, there's no advantage to users with the hardware in forcing
> > them to wait for 2.6.26 to merge the driver, since they'll just
> > have to patch the grungy code in themselves anyway.  And by merging
> > the driver early, we get fixed up for any tree-wide changes and
> > allow janitors to help with the cleanup.
> 
> Is it really intended to merge drivers without _any_ kind of review?

No of course not.

I totally agree we should be more aggressive in merging drivers earlier.
A minimal review needs to happen for a few things imo:
1) That the driver doesn't break the build
2) That the driver has no obvious huge security holes
   (this is a big deal for unsuspecting users)
3) that there's not an obscene amount of "uses deprecated api" compiler warnings
   (since those are annoying for everyone else)
4) that people who don't have the hardware are not negatively affected
   (say crashes without the hw or so)


beyond that.. that's what EXPERIMENTAL is for
(joking; let's not open that can of fish)