lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120416063838.GA23628@gmail.com>
Date:	Mon, 16 Apr 2012 08:38:40 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Willy Tarreau <w@....eu>
Cc:	Felipe Contreras <felipe.contreras@...il.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Greg KH <gregkh@...uxfoundation.org>,
	Sergio Correia <lists@...e.net>, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, akpm@...ux-foundation.org,
	alan@...rguk.ukuu.org.uk,
	linux-wireless Mailing List <linux-wireless@...r.kernel.org>,
	Sujith Manoharan <c_manoha@....qualcomm.com>,
	"ath9k-devel@...ts.ath9k.org" <ath9k-devel@...ema.h4ckr.net>,
	"John W. Linville" <linville@...driver.com>
Subject: Re: [ 00/78] 3.3.2-stable review


* Willy Tarreau <w@....eu> wrote:

> It's not the user's visibility, it's published code. Once code 
> is published, you cannot magically fix it without emitting a 
> new patch for this code and announcing so that users apply it. 
> These patches are called stable releases. Users want a good 
> reason to apply these patches, rebuild and reboot, and that's 
> one reason we absolutely want to have the commit descriptions 
> from upstream which detail the exact reason for the patch 
> (even if it's a revert).

Let me also outline why reverts are important and why they are 
not just 'a patch removed'.

A revert carries valuable information: we revert a broken commit 
not just with the terse description that it's broken, but with 
an exact description about *why* it's broken and how that 
breakage relates to the original patch.

In the limited 'patch space' nothing happened: a patch was done, 
then undone.

In the Git 'commit space' the picture is very different: we have 
a commit that does a change with a justification and we have 
*another* commit that undoes the code modification with 
*another* justification.

We got richer by two justifications and the kernel got
*more stable* in the process even though no actual code
changed:

 - We very likely won't repeat this mistake again, it's 
   documented for eternity to any developer touching this
   code in the future. See Linus's arguments about 'monotonic 
   progress'. Git hashes force the causality of the real 
   physical world on us, which is *especially* useful when we 
   make mistakes and would like to use a digital time machine 
   that whitewashes our shades of grey history.

 - In practice developers tend to be more careful with code that
   sees an above average ration of reverts. It's a red flag - it 
   shows that the code, the hardware or the development process 
   maintaining that code is somehow non-obvious and fragile for 
   one reason or another.

 - In most cases a change+revert also spurs further development: 
   the original justification is likely valid and people want to
   achieve that advantage but via some other, non-broken means. 
   In that sense the revert is a persistent TODO entry as well, 
   for developers.

If the bug was just a report somewhere in a mailing list archive 
on the web then it would bitrot quickly and people would not 
have a way to find it and react to it in an organized way.

By making it a Git commit; the change, the fix and all the 
justifications around it become a permanent part of Linux - 
which is more than just 15 million lines of code ...

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ