lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20090124132342.0086e6ec@mjolnir.drzeus.cx>
Date:	Sat, 24 Jan 2009 13:23:42 +0100
From:	Pierre Ossman <drzeus@...eus.cx>
To:	Wolfgang Mües <wolfgang.mues@...rswald.de>
Cc:	"Matt Fleming" <matt@...sole-pimps.org>,
	"David Brownell" <dbrownell@...rs.sourceforge.net>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Fixes and enhancements for the MMC SPI driver

I just want to throw my .02 SEK in here.

In essence, I agree with both of you. :)

We should do what we can to force vendors to follow standards. But as
Wolfgang says, punishing their users rarely gets the job done.
Especially when the user has no idea that the card is to blame.

My general approach in these conditions is to work around the bugs as
much as possible (as long as those workarounds doesn't make life
difficult for compliant cards), and try to shame the vendor by logging
buggy cards.

So Wolfgang, if you could separate out your workarounds to independent
patches and see what can be done to complain in dmesg about hardware
bugs (without flooding dmesg).

Rgds
-- 
     -- Pierre Ossman

  WARNING: This correspondence is being monitored by the
  Swedish government. Make sure your server uses encryption
  for SMTP traffic and consider using PGP for end-to-end
  encryption.

Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ