lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Dec 2020 20:02:27 -0800 From: Dan Williams <dan.j.williams@...el.com> To: Vlastimil Babka <vbabka@...e.cz> Cc: "ksummit-discuss@...ts.linuxfoundation.org" <ksummit-discuss@...ts.linuxfoundation.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [Ksummit-discuss] crediting bug reports and fixes folded into original patch On Wed, Dec 2, 2020 at 3:44 PM Vlastimil Babka <vbabka@...e.cz> wrote: > > Hi, > > there was a bit of debate on Twitter about this, so I thought I would bring it > here. Imagine a scenario where patch sits as a commit in -next and there's a bug > report or fix, possibly by a bot or with some static analysis. The maintainer > decides to fold it into the original patch, which makes sense for e.g. > bisectability. But there seem to be no clear rules about attribution in this > case, which looks like there should be, probably in > Documentation/maintainer/modifying-patches.rst > > The original bug fix might include a From: $author, a Reported-by: (e.g. > syzbot), Fixes: $next-commit, some tag such as Addresses-Coverity: to credit the > static analysis tool, and an SoB. After folding, all that's left might be a line > as "include fix from $author" in the SoB area. This is a loss of > metadata/attribution just due to folding, and might make contributors unhappy. > Had they sent the fix after the original commit was mainline and immutable, all > the info above would "survive" in the form of new commit. > > So I think we could decide what the proper format would be, and document it > properly. I personally wouldn't mind just copy/pasting the whole commit message > of the fix (with just a short issue description, no need to include stacktraces > etc if the fix is folded), we could just standardize where, and how to delimit > it from the main commit message. If it's a report (person or bot) of a bug that > the main author then fixed, preserve the Reported-by in the same way (making > clear it's not a Reported-By for the "main thing" addressed by the commit). > > In the debate one less verbose alternatve proposed was a SoB with comment > describing it's for a fix and not whole patch, as some see SoB as the main mark > of contribution, that can be easily found and counted etc. I'm not so sure about > it myself, as AFAIK SoB is mainly a DCO thing, and for a maintainer it means > something else ("passed through my tree") than for a patch author. And this > approach would still lose the other tags. > > Thoughts? How about a convention to add a Reported-by: and a Link: to the incremental fixup discussion? It's just polite to credit helpful feedback, not sure it needs a more formal process. Along those lines, how is this situation different than the feedback that helps improve a patch that does not necessarily get credited by Reviewed-by:? Links to thank you notes in cover letters seems more appealing than moving more review / fix logs into the main history.
Powered by blists - more mailing lists