lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACT4Y+YjD68zBdN7zCViB5ab9-R2JgBEf5OBiDauxMsyuEkLRw@mail.gmail.com>
Date:   Mon, 26 Mar 2018 10:46:31 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Eric Biggers <ebiggers3@...il.com>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: syzbot dashboard

On Fri, Mar 23, 2018 at 9:50 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Fri, Mar 23, 2018 at 1:16 PM, Eric Biggers <ebiggers3@...il.com> wrote:
>>
>> A compromise could be to remove the raw.log from the emails, and send the config
>> in 'defconfig' format rather than the full config
>
> I really don't think the config is very legible, and isn't something
> that people will look at to judge whether it's intrresting or not.
> It's still "many hundreds of lines of line noise"
>
> And it shouldn't really be part of the consideration whether a bug is
> really worth looking at or not anyway, although *after* you've found
> the bug as a developer, you may decide "ok, that configuration isn't
> valid, so I should just disallow it in Kconfig". But that's still a
> bugfix.
>
> So I think the config can stay purely on the web (for when you go "so
> how do I *reproduce* this?") along with the actual reproducer and the
> full logs.
>
> I'd rather make the emails be small and legible, and contain the
> minimum amount of information.
>
> Because I really do *not* need a few hundred emails from some
> automated source that each have a roughly thousand-line config
> attachements.
>
> An email with 50 lines of THE ACTUAL DECODED OOPS? Sure. That's
> critical information. That doesn't make me go "why does this stupid
> bot spew garbage at me"?


I've switched emails to links instead of attachments, here are few
recent examples:
https://lkml.org/lkml/2018/3/25/31
https://lkml.org/lkml/2018/3/25/256
https://lkml.org/lkml/2018/3/25/257

Filed https://github.com/google/syzkaller/issues/550 for periodic
pings and noted your requirements. In particular, we will need
something for "I'm not the right person for this report", and some
plan for gradual rollout. It will take some time to implement.
Meanwhile developers are welcome to look at the dashboard
https://syzkaller.appspot.com/

Thanks again

Powered by blists - more mailing lists