lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YRdnANmNvp+Hkcg5@kroah.com>
Date:   Sat, 14 Aug 2021 08:47:28 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Theodore Ts'o <tytso@....edu>
Cc:     Willy Tarreau <w@....eu>, Pavel Machek <pavel@...x.de>,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        jason@...kstrand.net, Jonathan Gray <jsg@....id.au>
Subject: Re: Determining corresponding mainline patch for stable patches Re:
 [PATCH 5.10 125/135] drm/i915: avoid uninitialised var in eb_parse()

On Fri, Aug 13, 2021 at 11:46:38AM -0400, Theodore Ts'o wrote:
> On Fri, Aug 13, 2021 at 01:19:53PM +0200, Willy Tarreau wrote:
> > 
> > Plus this adds some cognitive load on those writing these patches, which
> > increases the global effort. It's already difficult enough to figure the
> > appropriate Cc list when writing a fix, let's not add more burden in this
> > chain.
> > 
> > ...
> > 
> > I'm also defending this on other projects. I find it important that
> > efforts are reasonably shared. If tolerating 1% failures saves 20%
> > effort on authors and adds 2% work on recipients, that's a net global
> > win. You never completely eliminate mistakes anyway, regardless of the
> > cost.
> 
> The only way I can see to square the circle would be if there was some
> kind of script that added enough value that people naturally use it
> because it saves *them* time, and it automatically inserts the right
> commit metadata in some kind of standardized way.
> 
> I've been starting to use b4, and that's a great example of a workflow
> that saves me time, and standardizes things as a very nice side
> effect.  So perhaps the question is there some kind of automation that
> saves 10-20% effort for authors *and* improves the quality of the
> patch metadata for those that choose to use the script?

A script/tool does generate the metadata in the "correct" way, as that
is what Sasha and I use.  It is the issue for when people do it on their
own for various reasons and do not just point us at an upstream commit
that can cause issues.  In those cases, people wouldn't be using any
script anyway, so there's nothing really to do here.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ