lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 11 Sep 2019 16:49:58 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Dave Hansen <dave.hansen@...ux.intel.com>
Cc:     linux-kernel@...r.kernel.org, corbet@....net, sashal@...nel.org,
        ben@...adent.org.uk, tglx@...utronix.de, labbott@...hat.com,
        andrew.cooper3@...rix.com, tsoni@...eaurora.org,
        keescook@...omium.org, tony.luck@...el.com,
        linux-doc@...r.kernel.org, dan.j.williams@...el.com
Subject: Re: [PATCH 3/4] Documentation/process: soften language around
 conference talk dates

On Tue, Sep 10, 2019 at 10:26:51AM -0700, Dave Hansen wrote:
> 
> From: Dave Hansen <dave.hansen@...ux.intel.com>
> 
> Both hardware companies and the kernel community prefer coordinated
> disclosure to the alternatives.  It is also obvious that sitting on
> ready-to-go mitigations for months is not so nice for kernel
> maintainers.
> 
> I want to ensure that the patched text can not be read as "the kernel
> does not wait for conference dates".  I'm also fairly sure that, so
> far, we *have* waited for a number of conference dates.

We have been "forced" to wait for conference dates.  That is much
different from what we are saying here (i.e. we do NOT want to have to
wait for that type of thing as that causes us all real work that is a
total waste of engineering effort.)

> Change the text to make it clear that waiting for conference dates
> is possible, but keep the grumbling about it being a burden.

I don't think we want that, waiting for long periods of time like we
have been (and are currently) is a royal pain.  We are glad to take
these on a case-by-case basis, but doing delays for no other reason than
a specific conference date 6 months in the future when we have fixes now
benifits no one at all, and in fact HURTS everyone involved, including
our users the most.

> While I think this is good for everyone, this patch represents my
> personal opinion and not that of my employer.

I appreciate the disclaimer :)

I know Thomas and others are totally busy with Plumbers right now (as am
I), so I'll hold on to this and your next patch in my "to-review" queue
to give others a chance to weigh in on the tweaks to see if anyone
disagrees with my comments above.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ