lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Oct 2018 10:29:58 -0400
From:   Sasha Levin <sashal@...nel.org>
To:     Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc:     Michael Schmitz <schmitzmic@...il.com>,
        "3.8+" <stable@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Andreas Schwab <schwab@...ux-m68k.org>,
        alexander.levin@...rosoft.com
Subject: Re: [PATCH AUTOSEL 4.18 24/58] Input: atakbd - fix Atari CapsLock
 behaviour

On Mon, Oct 08, 2018 at 12:20:26PM -0700, Dmitry Torokhov wrote:
>Hi Michael,
>
>On Mon, Oct 8, 2018 at 12:09 PM Michael Schmitz <schmitzmic@...il.com> wrote:
>>
>> Dmitry,
>>
>> someone on debian-68k reported the bug, which (to me) indicates that the
>> code is not just used by me.
>>
>> Whether or not a functioning Capslock is essential to have? You be the
>> judge of that. If you are OK with applying the keymap patch, why not
>> this one?
>
>I have exactly the same concerns about the keymap patch. This all has
>not been working correctly for many many years (and it was not broken
>in a subtly way as far as I understand, but rather quite obvious).
>Thus I do not understand why this belongs to stable release. It is not
>a [recent] regression, nor secutiry bug, nor even enabling of new
>hardware, that is why I myself did not mark it as stable.
>
>I still maintain that we pick up for stable too many patches for no
>clear benefit. This is similar to the patch for Atmel controllers that
>was picked to stable and I asked why, as it is not clear how many
>users might be affected (or if the problem the patch was solving was
>purely theoretical, or only affecting hardware that is not in
>circulation yet).

If you belive that a certain piece of code has no actual users, why do
you keep it in the upstream kernel to begin with?

I don't think it makes sense to keep something upstream because it might
have users, but not backport fixes because there might not have any
users.

You haven't seen evidence of anyone using/caring about it for a few
years? Great! Remove the code and if someone complains we can always
revert. This is how all those orphaned archs got removed a few releases
back. I'll even submit the patch if you'd like.

It doesn't make sense to have "second class citizens" like how you
suggested.

--
Thanks,
Sasha

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ