lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 2 Sep 2017 09:42:54 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Doug Ledford <dledford@...hat.com>
Cc:     Stephen Rothwell <sfr@...b.auug.org.au>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Mike Marciniszyn <mike.marciniszyn@...el.com>,
        Kaike Wan <kaike.wan@...el.com>,
        Dennis Dalessandro <dennis.dalessandro@...el.com>,
        John Fleck <john.fleck@...el.com>
Subject: Re: linux-next: Signed-off-by missing for commit in the rdma tree

On Fri, Sep 1, 2017 at 5:06 AM, Doug Ledford <dledford@...hat.com> wrote:
> On 8/31/2017 5:50 PM, Stephen Rothwell wrote:
>> Hi Doug,
>>
>> Commit
>>
>>   4b9796b0a6fb ("IB/hfi1: Use accessor to determine ring size")
>>
>> is missing a Signed-off-by from its author.
>>
>
> What's the best way to fix this?  I can rebase, but I know Linus hates
> that.  What about git note?

We don't end up using (or forwarding) git notes, so that won't help.

Generally, the answer to missing sign-offs is "don't do that again" if
it's not something major and there isn't a _pattern_ of it happening.

In this case, it's a one-liner patch from a developer who has lots of
other sign-offs, from a company that is very aware of his work and the
GPL, and an active contributor. so it's not like it has any legal
implications.

If it was some big important patch from a more questionable source,
and we'd be worried about covering the legal side, it would be a
different issue. As it is, it falls under "mistakes happen, not a big
deal, try to avoid it in the future".

If it *was* a bigger issue and you really want to make sure that the
chain is there for new contributors etc, rebasing to fix sign-offs
ends up being the best (still bad) solution.

                      Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ