lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YRaT3u4Qes8UY3x6@mit.edu>
Date:   Fri, 13 Aug 2021 11:46:38 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     Willy Tarreau <w@....eu>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Pavel Machek <pavel@...x.de>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, jason@...kstrand.net,
        Jonathan Gray <jsg@....id.au>
Subject: Re: Determining corresponding mainline patch for stable patches Re:
 [PATCH 5.10 125/135] drm/i915: avoid uninitialised var in eb_parse()

On Fri, Aug 13, 2021 at 01:19:53PM +0200, Willy Tarreau wrote:
> 
> Plus this adds some cognitive load on those writing these patches, which
> increases the global effort. It's already difficult enough to figure the
> appropriate Cc list when writing a fix, let's not add more burden in this
> chain.
> 
> ...
> 
> I'm also defending this on other projects. I find it important that
> efforts are reasonably shared. If tolerating 1% failures saves 20%
> effort on authors and adds 2% work on recipients, that's a net global
> win. You never completely eliminate mistakes anyway, regardless of the
> cost.

The only way I can see to square the circle would be if there was some
kind of script that added enough value that people naturally use it
because it saves *them* time, and it automatically inserts the right
commit metadata in some kind of standardized way.

I've been starting to use b4, and that's a great example of a workflow
that saves me time, and standardizes things as a very nice side
effect.  So perhaps the question is there some kind of automation that
saves 10-20% effort for authors *and* improves the quality of the
patch metadata for those that choose to use the script?

      	       	   	      	     - Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ