lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090504174931.GG6740@linux.vnet.ibm.com>
Date:	Mon, 4 May 2009 10:49:31 -0700
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	Dave Kleikamp <shaggy@...ux.vnet.ibm.com>,
	Matthew Wilcox <matthew@....cx>, tridge@...ba.org,
	Al Viro <viro@...IV.linux.org.uk>, Pavel Machek <pavel@....cz>,
	Christoph Hellwig <hch@...radead.org>,
	Steve French <smfrench@...il.com>,
	Ogawa Hirofumi <hirofumi@...l.parknet.co.jp>,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>,
	Michael Tokarev <mjt@....msk.ru>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option

On Mon, May 04, 2009 at 10:18:09AM -0700, Eric W. Biederman wrote:
> "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com> writes:
> 
> > On Mon, May 04, 2009 at 09:30:20AM -0700, Eric W. Biederman wrote:
> >> Dave Kleikamp <shaggy@...ux.vnet.ibm.com> writes:
> >> 
> >> > That's for the maintainers to decide.  If they agree it has worth, maybe
> >> > it's a good idea to answer "How".
> >> 
> >> Al and Christoph said essentially the same thing and they generally
> >> are considered the general area filesystem maintainers.
> >> 
> >> This kind of thing does not appear to have come up before and
> >> so procedurally you guys are setting are attempting to set
> >> a precedent.
> >> 
> >> All I know is that doing it the way you are doing seems like a bad
> >> idea.  Not discussing things or even the reason you can't discuss them
> >> seems foolish and leaves no one satisfied.
> >> 
> >> Maybe there are good reasons but so far this whole thing just stinks.
> >> 
> >> When all of the pieces are public how can having secret veiled reasons
> >> make sense?
> >> 
> >> And if secret magic consultations with lawyers are going to be invoked
> >> I expect we should have a Signed-off-by from those lawyers.
> >
> > ;-)
> >
> > Matthew's idea of checking with SFLC seems to me to have some merit.
> > I am looking into this from my end.  Of course, you and Al and Christoph
> > have just as much standing to ask SFLC as do I, and perhaps more.
> 
> Reasonable.  Of course it still misses one interesting point.
> 
> Typically when reviewing code if the code looks suspicious you ask the
> poster why they did X.  If the author of the code has a good answer
> you can tell that they have done their homework, and you can verify it.
> If the author doesn't have a good answer typically that means they haven't
> thought through all of the details and the code has problems.
> 
> In this case we ask why and get stone-walling.  Which typically would
> mean either that IBM has a good reason for doing this that they are
> keeping hidden.  Or that we have programmers reacting to news stories
> who have not done all of their homework.
> 
> So far my feeling has been, that there are people handling this mess
> on other fronts and that if it was a real issue they would be coming
> out of the wood work, and giving guidance.
> 
> Now perhaps no one is because this is a cross disciplinary thing and no
> one has sufficient legal, technical and business expertise.

It certainly is a cross-disciplinary thing.

> Right now my hypothesis that best fits the facts is programmers reacting
> on their own to news stories, without having done all of their homework.

Not the case, I assure you.  However, you are of course free to believe
whatever you choose.

> Asking others to go to the SFLC or other places and do your homework
> for you is an interesting reaction.  The SFLC does seem like an
> appropriate group to get an opinion from.

Ah, but you are not simply asking us to -do- our homework, but also to
make that homework public on LKML.  Please note that Matthew's earlier
email indicates that he does not expect to be able to convince his
employer to make such homework public.

As to requesting that SFLC weigh in, those of you from smaller
organizations might be able to accelerate this process significantly
should you care to do so.

							Thanx, Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ