lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 18 Feb 2021 11:51:04 -0500
From:   Sasha Levin <sashal@...nel.org>
To:     Scott Branden <scott.branden@...adcom.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        BCM Kernel Feedback <bcm-kernel-feedback-list@...adcom.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Re: 5.10 LTS Kernel: 2 or 6 years?

On Wed, Feb 17, 2021 at 11:48:21AM -0800, Scott Branden wrote:
>On 2021-02-17 1:40 a.m., Greg Kroah-Hartman wrote:
>> Following up on this as I did not hear back from you.  Are you and/or
>> your company willing to help out with the testing of 5.10 to ensure that
>> it is a LTS kernel?  So far I have not had any companies agree to help
>> out with this effort, which is sad to see as it seems that companies
>> want 6 years of stable kernels, yet do not seem to be able to at the
>> least, do a test-build/run of those kernels, which is quite odd...
>I personally cannot commit to supporting this kernel for 6 years
>(and personally do not want to backport new features to a 6 year old kernel).
>And customers are finicky and ask for one thing and then change their mind later.

Why would we commit to maintining an upstream LTS for 6 years then? If
no one ends up using it (and we don't want anyone using older LTS
kernels) we're still stuck maintaining it.

>We'll have to see what decisions are made at a company level for this as there
>are added costs to run tests on LTS kernel branches.  We already run extensive QA on

This sounds very wrong: it's ok to get volunteers to commit to 6 years
while the company that is asking for it won't do the same?

Shouldn't Broadcom commit to the work involved here first?

>whatever active development branches are in use and a subset on the mainline
>branch as well.  QA resources are finite and committing those for 6 years is
>not something that makes sense if customers drop that kernel version.
>Testing of the LTS kernel changes really moves out of our hands and into the
>customer's testing after our major releases to them.

Keep in mind that QA resources are generally more abundant than
engineering resources that need to actually backport stuff to old
kernels.

-- 
Thanks,
Sasha

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ