Message-ID: <YO8dN9U7J2bi1gkf@mit.edu>
Date:   Wed, 14 Jul 2021 13:21:59 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Sasha Levin <sashal@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Michal Hocko <mhocko@...nel.org>,
        Hugh Dickins <hughd@...gle.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Miaohe Lin <linmiaohe@...wei.com>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        stable@...r.kernel.org
Subject: Re: 5.13.2-rc and others have many not for stable

On Wed, Jul 14, 2021 at 05:46:22PM +0200, Greg Kroah-Hartman wrote:
> 
> The number of valid cases where someone puts a "Fixes:" tag, and that
> patch should NOT be backported is really really slim.  Why would you put
> that tag and not want to have known-broken kernels fixed?
> 
> If it really is not an issue, just do not put the "Fixes:" tag?

I think it really boils down to what the tags are supposed to mean and
what they imply.

The argument from the other side is if the Stable maintainers are
interpreting the Fixes: tag as an implicit "CC: stable", why should we
have the "Cc: stable" tag at all in that case?

We could also have the policy that in the case where you have a fix
for a bug, but it's super subtle, and shouldn't be automatically
backported, that this should be explained in the commit, e.g.,

   This commit fixes a bug in "1adeadbeef33: lorem ipsum dolor sit
   amet" but it is touching code which is subtle and quick to anger, the
   bug isn't all that serious.  So please don't backport it
   automatically; someone should manually do the backport and run the
   fooblat test before submitting it to the stable maintainers.

Andrew seems to be of the opinion that these sorts of cases are very
common.  I don't have enough data to have a strong opinion either way.
But if you are right that it is a rare case, then sure, simply
omitting the Fixes: tag and using text in the commit description would
work.  We just need to agree that this is the convention that we all
should be using.

I still wonder though what's the point of having the "Cc: stable" tag
if it's implicitly assumed to be there if there is a Fixes: tag.

Cheers,

					- Ted
