Date:   Wed, 11 Jul 2018 09:20:19 -0700
From:   Joe Perches <joe@...ches.com>
To:     Geert Uytterhoeven <geert+renesas@...der.be>,
        Andy Whitcroft <apw@...onical.com>
Cc:     Jason Gunthorpe <jgg@...lanox.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Linus Walleij <linus.walleij@...aro.org>,
        Yoshihiro Shimoda <yoshihiro.shimoda.uh@...esas.com>,
        Pavel Machek <pavel@....cz>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] checkpatch: Warn if missing author Signed-off-by

On Wed, 2018-07-11 at 17:10 +0200, Geert Uytterhoeven wrote:
> Print a warning if none of the Signed-off-by lines cover the patch
> author.
> 
> Non-ASCII quoted printable encoding in From: headers and (lack of)
> double quotes are handled.
> Split From: headers are not fully handled: only the first part is
> compared.
[]
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> +# Check the patch for a From:
> +		if (decode("MIME-Header", $line) =~ /^From:\s*(.*)/) {
> +			$author = encode("utf8", $1);
> +			$author =~ s/"//g;
> +		}
> +
>  # Check the patch for a signoff:
>  		if ($line =~ /^\s*signed-off-by:/i) {
>  			$signoff++;
>  			$in_commit_log = 0;
> +			if ($author ne '') {
> +				my $l = $line;
> +				$l =~ s/"//g;
> +				if ($l =~ /^\s*signed-off-by: \Q$author\E/i) {
> +				    $authorsignoff = 1;
> +				}
> +			}
>  		}
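
Review bot: The author comparison `if ($l =~ /^\s*signed-off-by: \Q$author\E/i)` is anchored only at the start of the line, so any Signed-off-by: value that merely begins with the From: text sets $authorsignoff, for instance when From: carries a name and no address. Consider anchoring the end as well, e.g. `\Q$author\E\s*$`. The pattern also requires exactly one space after "signed-off-by:", while the sign-off detection two lines above it accepts any spacing, so a line can be counted in $signoff yet never match the author. Style: the `$authorsignoff = 1;` line is indented with spaces after the tabs.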

I don't see the point of removing the quotes.

If the name and email address don't exactly match,
why shouldn't it be reported?

>  # Check if MAINTAINERS is being updated.  If so, there's probably no need to
> @@ -6487,9 +6503,14 @@ sub process {
>  		ERROR("NOT_UNIFIED_DIFF",
>  		      "Does not appear to be a unified-diff format patch\n");
>  	}
> -	if ($is_patch && $has_commit_log && $chk_signoff && $signoff == 0) {
> -		ERROR("MISSING_SIGN_OFF",
> -		      "Missing Signed-off-by: line(s)\n");
> +	if ($is_patch && $has_commit_log && $chk_signoff) {
> +		if ($signoff == 0) {
> +			ERROR("MISSING_SIGN_OFF",
> +			      "Missing Signed-off-by: line(s)\n");
> +		} elsif (!$authorsignoff) {
> +			WARN("NO_AUTHOR_SIGN_OFF",
> +			     "Missing Signed-off-by: line by patch author\n");
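
Review bot: In the new `elsif (!$authorsignoff)` branch, the warning also fires when no From: line was matched at all, because $authorsignoff is only ever set inside the `$author ne ''` test of the earlier hunk; the message then reports a missing author sign-off for a patch whose author is unknown. Consider `elsif ($author ne '' && !$authorsignoff)`, or state in the commit message that a patch without a From: header is meant to warn.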

Perhaps better to show the From: line author

		"Missing 'Signed-off-by:' from nominal patch author '$author'\n");

Another somewhat frequent Signed-off-by: defect pattern
is to have a lower-case name or no name at all used.

Perhaps it'd be useful to add some checks like
a single word for a name and all lower-case names:

e.g.:
	Signed-off-by: joe perches <joe@...ches.com>

emits

Unusual lower case name: 'joe perches <joe@...ches.com>'

and
	Signed-off-by: root <root@...omain.net>
and
	Signed-off-by: Root <root@...omain.net>
and
	Signed-off-by: root@...omain.net

all emit that a single or missing name is unusual.
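
The name checks suggested in the message above, written as a standalone Perl sub. This is an added example, not part of the original message and not checkpatch.pl code; the sub name `check_signoff_name`, the wording of the single-name finding and the example.com addresses are assumptions.

```perl
#!/usr/bin/perl
# Added example: flag unusual names in Signed-off-by: lines.
# Hypothetical helper, not taken from checkpatch.pl.
use strict;
use warnings;

# Return a list of findings for one Signed-off-by: line (empty list = fine).
# Assumes $line has already been decoded to characters.
sub check_signoff_name {
    my ($line) = @_;
    return ("Not a Signed-off-by: line")
        unless $line =~ /^\s*signed-off-by:\s*(.*?)\s*$/i;
    my $ident = $1;

    # "Name <addr>" yields the name; a bare address has no name at all.
    my $name = '';
    if ($ident =~ /^(.*?)\s*<[^>]*>\s*$/) {
        $name = $1;
    } elsif ($ident !~ /@/) {
        $name = $ident;          # name given without any address
    }
    $name =~ s/^"|"$//g;         # drop surrounding double quotes

    my @findings;
    my @words = split ' ', $name;
    push @findings, "Unusual single or missing name: '$ident'"
        if @words < 2;
    # Lower-case check: the name has letters and none is upper case.
    push @findings, "Unusual lower case name: '$ident'"
        if $name =~ /\p{Ll}/ && $name !~ /\p{Lu}/;
    return @findings;
}

# Constructed sample lines with placeholder addresses.
my @samples = (
    'Signed-off-by: Joe Perches <joe@example.com>',
    'Signed-off-by: joe perches <joe@example.com>',
    'Signed-off-by: root <root@example.com>',
    'Signed-off-by: Root <root@example.com>',
    'Signed-off-by: root@example.com',
);
for my $s (@samples) {
    my @f = check_signoff_name($s);
    print "$s\n";
    print "  ", (@f ? join("\n  ", @f) : "ok"), "\n";
}
```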
