Message-ID: <20190509144113.GB17053@zn.tnic>
Date:   Thu, 9 May 2019 16:41:13 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Colin Ian King <colin.king@...onical.com>
Cc:     Tony Luck <tony.luck@...el.com>, Qiuxu Zhuo <qiuxu.zhuo@...el.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        James Morse <james.morse@....com>, linux-edac@...r.kernel.org,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] EDAC, sb_edac: remove redundant update of tad_base

On Thu, May 09, 2019 at 03:29:42PM +0100, Colin Ian King wrote:
> These are the Coverity static analysis warning/error message
> classifications.  Tagging them should be useful for several reasons:
> 
> 1. We can classify the types of issues being fixed
> 2. We can see how many issues are being found/fixed with the use of
> static analysis tools like Coverity

Who's "We"?

> 3. It provides some context on how these bugs were being found.

I figured as much but I have more questions:

* you say "tools like Coverity" but the name Coverity is in the tag.
So another tool would want to add its own tag. Which begs the second
question:

* has it ever been discussed and/or agreed upon all those "tools" tags?

Because we remove internal tags which have no bearing on the upstream
kernel. When I see that tag, how can I find out what it means? Can I run
coverity myself?

Lemme dig another one:

Addresses-Coverity-ID: 744899 ("Missing break in switch")

Where do I look up that ID?

And so on...

Bottom line of what I'm trying to say is, those tags better be useful to
the general kernel audience - that means, they should be documented so
that people can look them up - or better not be in commit messages at
all.

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
