lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 12 Jan 2021 18:34:18 +0100
From:   Thorsten Leemhuis <>
To:     Randy Dunlap <>,
        Jonathan Corbet <>
Subject: Re: [PATCH v1 (RFC)] docs: discourage users from using

Am 12.01.21 um 00:42 schrieb Randy Dunlap:
> On 1/11/21 10:55 AM, Thorsten Leemhuis wrote:
>> Am 11.01.21 um 19:14 schrieb Randy Dunlap:
>>> On 1/10/21 4:10 AM, Thorsten Leemhuis wrote:
>>> Andrew Morton takes MM bugs and Cc:s them to linux-mm mailing list
>>> and then asks for discussion to continue on the mailing list.
>> Then what use it bugzilla here? Wouldn't it be better for people to go
>> straight to the list?
> Might as well, yes.

Yeah, and that's among the reasons why I wrote the new document on
reporting bugs/issues (which explains how to report issues by mail) and
additionally work (at least for now) towards discouraging people from

>> Just trying to understand things better here, as there are other things
>> that look strange to me and were mentioned in the patch description. For
>> example: Why are there only 200 products and components on
>> (some of them for historic things like the
>> ac-kernels) while the MAINTAINERS file has more than 2200 entries?
> I wouldn't want a separate entry for each  SPI/GPIO/regulator/USB etc.
> device. That's just IMO...

I can relate to that view, but OTOH that would means a middleperson is
needed to get in contact with the maintainer. Which is fine concept, as
that person could be a kind of 1st level support that shields higher
level people like developers and maintainers from bad bug reports.

But I guess that would be a boring job which I nobody will do over
longer periods of time just for fun. Sure, the LF or someone else could
hire someone (see the mail from Konstantin in this thread; will reply to
that later); but I wonder if we have more pressing issues where the
money would better be spend better. And even if not: getting that money
and hiring someone would take some time...

>>> could/should probably see if we can add more project-specific
>>> mailing lists to the automatic reporting 
>> Guess that would mean taking to a lot of maintainers/mailing list admins
>> if they are okay with that. Who would do that?
> whoever is motivated to do so.

Not me. ;-) That is not working to well is known for
years now, without anyone stepping up to improve the situation for real.
Maybe my work/this discussion gets something rolling. But I guess until
I see that happen I continue working towards discouraging people from
using, as otherwise things will just stay as they
are, which IMHO is a bad idea with the state of things.

Ciao, Thorsten

Powered by blists - more mailing lists