lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <adavdnm5hkx.fsf@cisco.com>
Date:	Wed, 27 May 2009 15:03:42 -0700
From:	Roland Dreier <rdreier@...co.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Ingo Molnar <mingo@...e.hu>, Jeremy Fitzhardinge <jeremy@...p.org>,
	the arch/x86 maintainers <x86@...nel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Xen-devel <xen-devel@...ts.xensource.com>,
	Greg KH <gregkh@...e.de>, Jens Axboe <jens.axboe@...cle.com>,
	Chris Wright <chrisw@...hat.com>, kurt.hackel@...cle.com,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ky Srinivasan <ksrinivasan@...ell.com>,
	Beulich <jbeulich@...ell.com>, Avi Kivity <avi@...hat.com>,
	Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>
Subject: Re: [PATCH 17/17] xen: disable MSI

 > Pu another way: if they actually add value in highlighting the commits 
 > that _should_ stand out, then hey, by all means, keep such ones. I would 
 > not at all object if it was an issue of 
 > 
 >  [ Impact: fix bugzilla entry 455123 ]

I wonder if it's really worth having such a visually distinctive style
for tagging things that fix bugzilla entries.  I've been just writing
out in English the bug information -- eg a recent changelog contains

    This patch fixes <https://bugs.openfabrics.org/show_bug.cgi?id=1571>,
    an NFS/RDMA server crash.

I could see adding a tag along the lines of tested-by, reported-by,
reviewed-by, etc.  Maybe something like

    Closes-bug: <URL>

so the above language would become

    Closes-bug: https://bugs.openfabrics.org/show_bug.cgi?id=1571

And then "git log|grep 'Closes-bug:'" or "git log|grep '<bug URL>'"
becomes interesting...

 >  [ Impact: fix user-triggerable oops ]

This I think gets close to the never-ending argument about tagging
"security" bugs.  It might not be obvious immediately that a given
change fixes a user-triggerable oops and grepping the log for commits
that claim to fix a certain type of problem is quite likely to miss some
such fixes.

In the case where I know that a commit *does* fix a user-triggerable
oops, I try to note it in the changelog by saying, "This fixes an oops
that can be triggered by a user passing in garbage input xyz..." but I'm
not sure if we want to put that in a standardized greppable form.

 - R.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ