| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Feb 2008 17:33:10 -0500 From: Jeff Garzik <jeff@...zik.org> To: Arjan van de Ven <arjan@...radead.org> CC: Adrian Bunk <bunk@...nel.org>, Roland Dreier <rdreier@...co.com>, Linus Torvalds <torvalds@...l.org>, Glenn Streiff <gstreiff@...Effect.com>, Faisal Latif <flatif@...Effect.com>, linux-kernel@...r.kernel.org, general@...ts.openfabrics.org, Andrew Morton <akpm@...ux-foundation.org>, Greg Kroah-Hartman <greg@...ah.com> Subject: Re: Merging of completely unreviewed drivers Arjan van de Ven wrote: > On Thu, 21 Feb 2008 23:01:24 +0200 > Adrian Bunk <bunk@...nel.org> wrote: > >> [ Linus Added to the To: since I want to hear his opinion on this >> issue. ] >> >> On Thu, Feb 21, 2008 at 12:28:55PM -0800, Roland Dreier wrote: >>> > This driver should really have gotten some review before being >>> > included in the kernel. >>> >>> > Even a simple checkpatch run finds more than > 250 stylistic >>> > errors (not code bugs but cases where the driver violates the >>> > standard code formatting rules of kernel code). >>> >>> Linus has strongly stated that we should merge hardware drivers >>> early, and I agree: although the nes driver clearly needs more >>> work, there's no advantage to users with the hardware in forcing >>> them to wait for 2.6.26 to merge the driver, since they'll just >>> have to patch the grungy code in themselves anyway. And by merging >>> the driver early, we get fixed up for any tree-wide changes and >>> allow janitors to help with the cleanup. >> Is it really intended to merge drivers without _any_ kind of review? > > No of course not. > > I totally agree we should be more agressive in merging drivers earlier. > A minimal review needs to happen so for a few things imo > 1) That the driver doesn't break the build > 2) That the driver has no obvious huge security holes > (this is a big deal for unsuspecting users) > 3) that there's not an obscene amount of "uses deprecated api" compiler warnings > (since those are annoying for everyone else) > 4) that people who don't have the hardware are not negatively affected > (say crashes without the hw or so) FWIW, my general guidelines for merging drivers in my areas are: 1) it's not fugly 2) it has an active maintainer who responds to feedback I tend to think it is NOT in the best interests of Linux users, for us to merge vendor-fugly drivers with many layers of OS wrappers and similar obfuscation. But similarly... I merge drivers long before our SCSI maintainer will, and I value "it works" above stupid checkpatch warnings. Jeff -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists