Open Source and information security mailing list archives
 
Date:   Sat, 13 Mar 2021 23:30:09 +0100
From:   Pavel Machek <pavel@...x.de>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Florian Fainelli <f.fainelli@...il.com>,
        linux-kernel@...r.kernel.org, Alexander Lobakin <alobakin@...me>,
        torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
        linux@...ck-us.net, shuah@...nel.org, patches@...nelci.org,
        lkft-triage@...ts.linaro.org, pavel@...x.de, jonathanh@...dia.com,
        stable@...r.kernel.org
Subject: Re: [PATCH 5.4 00/24] 5.4.105-rc1 review

Hi!

> > So I guess we are good, until we are not. It concerns me however that
> > this (latent at the time) issue was reported at Wed, 10 Mar 2021
> > 20:19:48 -0800 which is well before the deadline of Fri, 12 Mar 2021
> > 13:23:09 +0000, and yet, the v5.4.105 was announced on Thu, 11 Mar 2021
> > 05:33:31 -0800 (PST) and it went through with that patch nonetheless.
> 
> It's a judgement call on my side as to when to do the release, based on
> the testing that has happened, any reports, and my knowledge of what is
> in the patches themselves.  For this patchset, all of the expected
> testers came back with no problems, except for your report.
> 
> And if your report turned out to be real (the fact that it was a
> backport of an "old" patch made it much less likely to be real), I can
> always instantly revert it and push out a new release quickly for the
> tiny subset of those that have problems with this.
> 
> So I took a guess based on all of this and decided it was more important
> to get the release out early, so that it can start to make its way to
> the huge majority of systems that did report testing worked fine, than
> to delay it to wait for your single system report.  Because again, if
> this turned out to be a real issue, a quick release for any affected
> systems would have been trivial to create.

You are setting yourself (and testers) a deadline... and then you
ignore it.

People are not only testing the release, they are also reviewing the
patches, and having at least two days for that is useful.

You clearly disagree, but in any case you should not mention deadlines
in the initial if you don't intend to keep them. That's confusing, and
clearly it is not only confusing to me.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
