lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1307160011530.29788@pobox.suse.cz>
Date:	Tue, 16 Jul 2013 00:22:16 +0200 (CEST)
From:	Jiri Kosina <jkosina@...e.cz>
To:	Greg KH <greg@...ah.com>
Cc:	James Bottomley <James.Bottomley@...senPartnership.com>,
	ksummit-2013-discuss@...ts.linuxfoundation.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [Ksummit-2013-discuss] KS Topic request: Handling the Stable
 kernel, let's dump the cc: stable tag

On Mon, 15 Jul 2013, Greg KH wrote:

> > The solution, to me, looks simple:  Let's co-opt a process we already
> > know how to do: mailing list review and tree handling.  So the proposal
> > is simple:
> > 
> >      1. Drop the cc: stable@ tag: it makes it way too easy to add an ill
> >         reviewed patch to stable
> >      2. All patches to stable should follow current review rules: They
> >         should go to the mailing list the original patch was sent to
> >         once the original is upstream as a request for stable.
> >      3. Following debate on the list, the original maintainer would be
> >         responsible for collecting the patches (including the upstream
> >         commit) adjudicating on them and passing them on to stable after
> >         list review (either by git tree pull or email to stable@).
> > 
> > I contend this raises the bar for adding patches to stable much higher,
> > which seems to be needed, and adds a review stage which involves all the
> > original reviewers.
> 
> I don't like this at all, just for the simple reason that it will push
> the majority of the work of stable kernel development on to the
> subsystem maintainers, who have enough work to do as it is.

Sorry Greg, but I disagree.

If the point of the stable tree really is about rock-solid stability, the 
"it applies without fuzz and there was no explicit NACK" just isn't 
enough. Someone who actually understands the code (maintainer) should 
absolutely give his Acked-for-stable-by: (*), otherwise the result is much 
less trustworthy.

I think 991f76f83 might serve as a good example. It has been marked "Cc: 
stable", it applied without cleanly, so it has been applied to all the 
existing stable trees, including 3.0.

The problem is that one has to actually perform a review of the patch with 
respect to 3.0.x codebase to notice that the pre-requisity for this patch 
(ef3d0fd27e) is only present in 3.2 and later, and hasn't been marked for 
stable (which is correct, it has no business there).

(*) For me personally, the best mode of operation would actually be to 
    have for-stable/3.x branches in my git tree, cherry-pick from other 
    topic branches once the patches are in Linus' tree, and send you pull 
    request for stable regularly (for each stable branch separately of 
    course)
   
    This model would make maintainers clearly responsible for the contents 
    of stable tree, wouldn't cause any extra work for you (quite the 
    contrary, I'd say), and it'd follow the development model we have for
    Linus' tree.

-- 
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ