lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6ac84dff-e190-2664-c30e-9f6fc4dbc592@al2klimov.de>
Date:   Sat, 11 Jul 2020 07:36:54 +0200
From:   "Alexander A. Klimov" <grandmaster@...klimov.de>
To:     Jonathan Corbet <corbet@....net>
Cc:     torvalds@...ux-foundation.org, davej@...emonkey.org.uk,
        kvalo@...eaurora.org, luis.f.correia@...il.com, cyphar@...har.com,
        paulburton@...nel.org, ribalda@...nel.org, martink@...teo.de,
        geert+renesas@...der.be, mchehab+samsung@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] CREDITS: replace HTTP links with HTTPS ones and add
 myself



Am 10.07.20 um 23:46 schrieb Jonathan Corbet:
> On Fri, 10 Jul 2020 21:43:42 +0200
> "Alexander A. Klimov" <grandmaster@...klimov.de> wrote:
> 
>> Regarding the links:
>>
>> Rationale:
>> Reduces attack surface on kernel devs opening the links for MITM
>> as HTTPS traffic is much harder to manipulate.
>>
>> Deterministic algorithm:
>> For each file:
>>    If not .svg:
>>      For each line:
>>        If doesn't contain `\bxmlns\b`:
>>          For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>>            If both the HTTP and HTTPS versions
>>            return 200 OK and serve the same content:
>>              Replace HTTP with HTTPS.
>>
>> Regarding the addition of myself:
> 
> A couple of things here...
> 
>> Rationale:
>> * 93431e0607e5
> 
> This is ... not particularly self-explanatory.  Is that meant to be a
> commit reference?  If so, you would want to use the normal format.
> 
>> * the replaced links in this patch
> 
> If you are going to do something like make an addition to the file, you
> need to do that separately from a cleanup patch. >
> But somebody has to say this: I don't think we have any sort of laid-down
> policy for what it takes to be mentioned in CREDITS, but I don't think that
I have absolutely no problem with that.
But IMAO you *should* have a such policy.
At least for people who'd *have* a problem with that.

> your work thus far clears whatever bar we might set.  We don't immortalize
> every person who submits some cleanup patches, or this file would be a long
> one indeed.  If you would like to be remembered for your kernel work, I
> would respectfully suggest that you move beyond mechanical cleanups into
> higher-level work.
> 
> One other little thing that jumped out at me:
> 
>>   N: Alan Cox
>> -W: http://www.linux.org.uk/diary/
>> +W: https://www.linux.org.uk/diary/
>>   D: Linux Networking (0.99.10->2.0.29)
>>   D: Original Appletalk, AX.25, and IPX code
>>   D: 3c501 hacker
> 
> That link just redirects to linux.com, which is probably not what Alan had
> in mind.  Replacing the link with one into the wayback machine (or perhaps
> just removing it entirely) would seem like a more useful change than adding
> HTTPS to a link that clearly does not reach the intended destination.
> 
> Thanks,
> 
> jon
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ