Date:	Mon, 12 Dec 2011 13:40:44 -0800
From:	"Luis R. Rodriguez" <mcgrof@...jolero.org>
To:	Ben Hutchings <ben@...adent.org.uk>,
	"John W. Linville" <linville@...driver.com>
Cc:	LKML <linux-kernel@...r.kernel.org>, Dave Jones <davej@...hat.com>,
	Greg KH <greg@...ah.com>,
	Debian kernel maintainers <debian-kernel@...ts.debian.org>,
	Rusty Russell <rusty@...tcorp.com.au>,
	linux-wireless <linux-wireless@...r.kernel.org>
Subject: Re: [PATCH] module,bug: Add TAINT_OOT_MODULE flag for modules not
 built in-tree

On Mon, Oct 24, 2011 at 6:12 AM, Ben Hutchings <ben@...adent.org.uk> wrote:
> Use of the GPL or a compatible licence doesn't necessarily make the code
> any good.  We already consider staging modules to be suspect, and this
> should also be true for out-of-tree modules which may receive very
> little review.
>
> Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
> ---
> Debian has been carrying this for the last few kernel versions.  The
> recent thread '[RFC] virtualbox tainting.' and discussions at KS suggest
> that this might be more generally useful.

This indeed seems like a good idea to advocate getting things upstream
(not just staging) but what about the case where we have upstream
drivers from future kernels backported to older kernels and the newer
driver is simply provided as a feature for users who may need new
features / chipset support on their old distribution kernel?

It seems this taint flag will be used for drivers backported through
compat-wireless, the compat kernel module or any other backported
driver, even if it is indeed upstream and whereby kernel developers
*do* commit to actually fixing issues. In our experience
compat-wireless bugs *are real bugs*, not backport bugs so we do look
into them. In our latest linux-next.git based release for example
backport code consists only of 1.3804% of the code.

  Luis