Message-ID: <CAHk-=wiVi7mSrsMP=fLXQrXK_UimybW=ziLOwSzFTtoXUacWVQ@mail.gmail.com>
Date:   Thu, 21 May 2020 11:15:20 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Eric Sandeen <sandeen@...deen.net>
Cc:     Namjae Jeon <linkinjeon@...nel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] exfat: add the dummy mount options to be backward
 compatible with staging/exfat

On Thu, May 21, 2020 at 8:44 AM Eric Sandeen <sandeen@...deen.net> wrote:
>
> Wow, it seems wild that we'd need to maintain compatibility with options
> which only ever existed in a different codebase in a staging driver
> (what's the point of staging if every interface that makes it that far has
> to be maintained in perpetuity?)

The rules about regressions have never been about any kind of
documented behavior, or where the code lives.

The rules about regressions are always about "breaks user workflow".

Users are literally the _only_ thing that matters.

No amount of "you shouldn't have used this" or "that behavior was
undefined, it's your own fault your app broke" or "that used to work
simply because of a kernel bug" is at all relevant.

Now, reality is never entirely black-and-white. So we've had things
like "serious security issue" etc that just forces us to make changes
that may break user space. But even then the rule is that we don't
really have other options that would allow things to continue.

And obviously, if users take years to even notice that something
broke, or if we have sane ways to work around the breakage that
doesn't make for too much trouble for users (ie "ok, there are a
handful of users, and they can use a kernel command line to work
around it" kind of things) we've also been a bit less strict.

But no, "that was documented to be broken" (whether it's because the
code was in staging or because the man-page said something else) is
irrelevant. If staging code is so useful that people end up using it,
that means that it's basically regular kernel code with a flag saying
"please clean this up".

The other side of the coin is that people who talk about "API
stability" are entirely wrong. API's don't matter either. You can make
any changes to an API you like - as long as nobody notices.

Again, the regression rule is not about documentation, not about
API's, and not about the phase of the moon.

It's entirely about "we caused problems for user space that used to work".

                   Linus

PS. Obviously "API stability" is important in the sense that if you
_don't_ change any user-visible API's, that's a much safer change that
needs much less care than a change that _does_ change a user-visible
API.

So "API stability" isn't a meaningless concept, but it's not the "First
rule of kernel programming" that "no regressions" is. It's just that
there tends to be a correlation between "I made subtle API changes"
and "uhhuh, I broke user space".
