lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.1001151407480.23543@ask.diku.dk>
Date:	Fri, 15 Jan 2010 14:10:40 +0100 (CET)
From:	Julia Lawall <julia@...u.dk>
To:	Pekka Enberg <penberg@...helsinki.fi>
Cc:	Mark Brown <broonie@...nsource.wolfsonmicro.com>,
	David Miller <davem@...emloft.net>, stefanr@...6.in-berlin.de,
	adi@...apodia.org, nm127@...email.hu, david.vrabel@....com,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
	cocci@...u.dk, Andrew Morton <akpm@...ux-foundation.org>,
	Nicolas Palix <npalix@...u.dk>
Subject: Re: Changelog quality

On Fri, 15 Jan 2010, Pekka Enberg wrote:

> Hi Julia,
> 
> On Fri, Jan 15, 2010 at 2:06 PM, Julia Lawall <julia@...u.dk> wrote:
> > On the other hand, one has to take into account the fact that at least in
> > my case, the patches that are submitted are the ones that I have carefully
> > checked for correctness.  Having a make target in the kernel might give
> > some suggestion of quality that is perhaps not appropriate?
> 
> I don't see the problem. No tool is perfect so the only thing that
> matters is whether or not the benefits outweigh the costs. The problem
> I see with Coccinelle is that the scripts seem to be lost in a black
> hole (even if they are part of the changelog) which also means that
> your efforts don't scale.
> 
> There seems to be a universal law regarding kernel development: if
> something is out-of-tree, it simply doesn't matter from "people
> scalability" point of view. It doesn't really matter if you like it or
> not but that's the way things are right now. I, for one, would love to
> run Coccinelle on the tree I maintain but unfortunately the tool fails
> my "can I set it up in two minutes" rule so I haven't gotten around to
> give it a try. And I suspect I am not the only one.
> 
> So why not try it out? If the signal to noise ratio is too low and we
> can't fix that, we can always just remove the damn thing from the
> tree. Speculating whether or not something will work seems pretty
> pointless to me when you don't have any hard data.

We would be happy to go ahead with it, but would like to hear from others 
to be sure to be setting things up in a good way.

For other software there is a tool on our web page called coccicheck that 
runs a collection of scripts on a given directory.  But we have only put 
scripts of general interest in there.

julia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ