lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 9 Apr 2020 13:34:18 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     Matthew Wilcox <willy@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Peter Xu <peterx@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>
Subject: Re: [PATCH 0/2] mm: Two small fixes for recent syzbot reports

On Thu, Apr 9, 2020 at 1:27 PM Eric Biggers <ebiggers@...nel.org> wrote:
>
> Would it help if bugs blocking testing on linux-next were Cc'ed to
> linux-next@...r.kernel.org, so that Stephen could investigate?

Maybe. I'll let Stephen say.

But I think the big issue is the "blocking testing" part.

If it's "just" regular bugs, then:

> FWIW, the issue of "syzbot report sent and ignored for months/years" is actually
> a much broader one which applies to all bugs, not just build / test breakages.

I don't  know what to do about that, but it may be that people just
don't judge the bugs interesting or assume that they are old.

That's what made bugzilla so useless - being flooded with stale bugs
that might not be worth worrying about, and no way to really tell.

So old bugs generally should be aged out, and then if they still
happen, prioritized. With "this keeps us from even finding new bugs"
being a fairly high priority..

One de-motivational issue with syzbot reported bugs may be that they
sometimes get sent to the wrong set of people - but still wide enough
that everybody feels it's somebody elses issue. A kind of bystander
effect for bugs.

                Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ