lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 13 Aug 2021 13:19:53 +0200
From:   Willy Tarreau <>
To:     Greg Kroah-Hartman <>
Cc:     Pavel Machek <>,,,,
        Jonathan Gray <>
Subject: Re: Determining corresponding mainline patch for stable patches Re:
 [PATCH 5.10 125/135] drm/i915: avoid uninitialised var in eb_parse()

On Fri, Aug 13, 2021 at 01:02:43PM +0200, Greg Kroah-Hartman wrote:
> > > I ended up writing this trivial script that did the job well for me
> > > and also supported the "git cherry-pick -x" format that I was using
> > > a lot. Feel free to reuse that as a starting point, here it comes, a
> > > bit covered in dust :-)
> > 
> > Please see previous discussion. Yes, I have my regexps, too, but there
> > are variations, and there were even false positives.. One of them is
> > in this email thread.
> > 
> > Greg suggests to simply ignore context and look for SHA1 sum; that
> > does not work, either.
> The number of patches that your regex does not work on is a very tiny %,
> right?  Can't you just handle those "by hand"?

I agree, that's what I used to do as well and this never caused me
any particular difficult. The rare cases where the script emits no ID
just have to be dealt with manually. It used to happen less than once
per series (with series containing ~1k input patches). I'd say that the
amount of failed backports is roughly in the same order of magnitude as
the ones that could be missed this way, this needs to be put in

> > So what I'm asking is for single, easy to parse format. I don't quite
> > care what it is, but
> As long as people end up sending us patches as backports, they will get
> the format wrong in odd ways over time.  Heck, we can't even all get a
> simple signed-off-by: right all the time, look at the kernel logs for
> loads of issues where long-time developers mess that one up.

Plus this adds some cognitive load on those writing these patches, which
increases the global effort. It's already difficult enough to figure the
appropriate Cc list when writing a fix, let's not add more burden in this

> The phrase "perfect is the enemy of good" or something like that applies
> here.  I'm giving you backported patches "for free", the number of ones
> that someone messes up the text on is so small it should be lost in the
> noise...

I'm also defending this on other projects. I find it important that
efforts are reasonably shared. If tolerating 1% failures saves 20%
effort on authors and adds 2% work on recipients, that's a net global
win. You never completely eliminate mistakes anyway, regardless of the


Powered by blists - more mailing lists