lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <53342e1a-8430-2557-94c7-1da979a79e68@al2klimov.de>
Date:   Fri, 10 Jul 2020 21:36:03 +0200
From:   "Alexander A. Klimov" <grandmaster@...klimov.de>
To:     Stafford Horne <shorne@...il.com>,
        Greg KH <gregkh@...uxfoundation.org>
Cc:     stern@...land.harvard.edu, linux-usb@...r.kernel.org,
        usb-storage@...ts.one-eyed-alien.net, linux-kernel@...r.kernel.org,
        Jonathan Corbet <corbet@....net>,
        David Miller <davem@...emloft.net>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: USB MASS STORAGE
 DRIVER



Am 10.07.20 um 12:36 schrieb Stafford Horne:
> On Thu, Jul 09, 2020 at 08:14:09AM +0200, Greg KH wrote:
>> On Wed, Jul 08, 2020 at 08:41:54PM +0200, Alexander A. Klimov wrote:
>>>
>>>
>>> Am 08.07.20 um 12:39 schrieb Greg KH:
>>>> On Wed, Jul 08, 2020 at 11:55:00AM +0200, Alexander A. Klimov wrote:
>>>>> Rationale:
>>>>> Reduces attack surface on kernel devs opening the links for MITM
>>>>> as HTTPS traffic is much harder to manipulate.
>>>>>
>>>>> Deterministic algorithm:
>>>>> For each file:
>>>>>     If not .svg:
>>>>>       For each line:
>>>>>         If doesn't contain `\bxmlns\b`:
>>>>>           For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>>>>> 	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>>>>>               If both the HTTP and HTTPS versions
>>>>>               return 200 OK and serve the same content:
>>>>>                 Replace HTTP with HTTPS.
>>>>>
>>>>> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
>>>>
>>>> Your subject lines are very odd compared to all patches for this
>>>> subsystem, as well as all other kernel subsystems.  Any reason you are
>>>> doing it this way and not the normal and standard method of:
>>>> 	USB: storage: replace http links with https
>>>>
>>>> That would look more uniform as well as not shout at anyone.
> 
> I would agree.  The OpenRISC patch for this series says:
>    "OPENRISC ARCHITECTURE:..."
> 
> Here it would just be "openrisc:..." I think fixing the whole series is needed.
> Greg is not the only on complaining.
> 
> Ideally, I think, it would be good to have this sent out as a series i.e [PATCH 3/55]
> rather than individual patches so this could be discussed as a whole.
1) To who? As right now? As right now plus Torvalds, KH, Miller, etc.?
    As right now, but all-to-all?
2) Apropos "series" and "as whole"... I stumbled over
    `git log --oneline |grep -Fwe treewide`
    and am wondering:
    *Shouldn't all of these patches even begin with "treewide: "?*
    E.g.: "treewide: Replace HTTP links with HTTPS ones: GCC PLUGINS"

> 
> -Stafford
> 
>>>> thanks,
>>>>
>>>> greg k-h
>>>>
>>> Hi,
>>>
>>> I'm very sorry.
>>>
>>> As Torvalds has merged 93431e0607e5 and many of you devs (including big
>>> maintainers like David Miller) just applied this stuff, I assumed that's OK.
>>>
>>> And now I've rolled out tens of patches via shell loop... *sigh*
>>>
>>> As this is the third (I think) change request like this, I assume this rule
>>> applies to all subsystems – right?
>>
>> Yes, you should try to emulate what the subsystem does, look at other
>> patches for the same files, but the format I suggested is almost always
>> the correct one.  If not, I'm sure maintainers will be glad to tell you
>> otherwise :)
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ