| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Jun 2020 10:40:37 +1000 (AEST)
From: Finn Thain <fthain@...egraphics.com.au>
To: "Martin K. Petersen" <martin.petersen@...cle.com>
cc: Chris Boot <bootc@....tc>,
James Bottomley <James.Bottomley@...senPartnership.com>,
Johannes Thumshirn <Johannes.Thumshirn@....com>,
Bart Van Assche <bvanassche@....org>,
"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
"target-devel@...r.kernel.org" <target-devel@...r.kernel.org>,
"linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
"linux1394-devel@...ts.sourceforge.net"
<linux1394-devel@...ts.sourceforge.net>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Chuhong Yuan <hslester96@...il.com>,
Nicholas Bellinger <nab@...ux-iscsi.org>,
Stefan Richter <stefanr@...6.in-berlin.de>
Subject: Re: [PATCH] scsi: target/sbp: remove firewire SBP target driver
On Tue, 16 Jun 2020, Martin K. Petersen wrote:
>
> However, keeping code around is not free.
Right. And removing code isn't free either, if it forces people to find
workarounds.
> Core interfaces change frequently. Nobody enjoys having to tweak host
> templates for 50 devices they have never even heard about.
And yet some people seem to enjoy writing patches that are as trivial as
they are invasive...
You seem to be making an argument for more automation here, not an
argument for less code. Or is there some upper bound to the size of the
kernel, that might be lifted by adding maintainers? (Can you deliver a
better product by adding more developers to your project?)
> Also, we now live in a reality where there is a constant barrage of
> build bots and code analyzers sending mail. So the effective cost of
> keeping code around in the tree is going up.
But if maintenance cost rises due to good analysis, the value of the code
should rise too. So what's the problem? It seems to me that the real
problem is too many analyses that generate pedantic noise and no tangible
improvement in code quality or value.
> I get a substantial amount of code analysis mail about drivers nobody
> have touched in a decade or more.
>
When stable, mature code fails analysis, the analysis is also questionable
(in the absence of real examples).
> Consequently, I am much more inclined to remove drivers than I have been
> in the past. But I am also very happy to bring them back if somebody
> uses them or - even better - are willing to step up and maintain them.
>
You seem to be saying that 1) a driver should be removed when it no longer
meets the present threshold for code quality and 2) that a low quality
driver is eligible for re-addition because someone wants to use it.
I don't think you can have it both ways.
> I don't particularly like the notion of a driver being orphaned because
> all that really means is that the driver transitions from being (at
> least partially) somebody else's problem to being mine and mine alone.
>
Yes it's your problem but only on a best-effort basis.
Many issues detected by automatic analyzers can be fixed with automatic
code transformation tools. This kind of solution works tree-wide, so even
if some defect in your driver is "yours and yours alone", the solution
will probably come from others.
This email, like yours, is just hand-waving. So feel free to ignore it or
(preferably) provide evidence of real defects.
Powered by blists - more mailing lists