| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210819082242.GA13181@duo.ucw.cz>
Date: Thu, 19 Aug 2021 10:22:42 +0200
From: Pavel Machek <pavel@...x.de>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Theodore Ts'o <tytso@....edu>, Willy Tarreau <w@....eu>,
Pavel Machek <pavel@...x.de>, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, jason@...kstrand.net,
Jonathan Gray <jsg@....id.au>
Subject: Re: Determining corresponding mainline patch for stable patches Re:
[PATCH 5.10 125/135] drm/i915: avoid uninitialised var in eb_parse()
Hi!
> > > Plus this adds some cognitive load on those writing these patches, which
> > > increases the global effort. It's already difficult enough to figure the
> > > appropriate Cc list when writing a fix, let's not add more burden in this
> > > chain.
> > >
> > > ...
> > >
> > > I'm also defending this on other projects. I find it important that
> > > efforts are reasonably shared. If tolerating 1% failures saves 20%
> > > effort on authors and adds 2% work on recipients, that's a net global
> > > win. You never completely eliminate mistakes anyway, regardless of the
> > > cost.
> >
> > The only way I can see to square the circle would be if there was some
> > kind of script that added enough value that people naturally use it
> > because it saves *them* time, and it automatically inserts the right
> > commit metadata in some kind of standardized way.
> >
> > I've been starting to use b4, and that's a great example of a workflow
> > that saves me time, and standardizes things as a very nice side
> > effect. So perhaps the question is there some kind of automation that
> > saves 10-20% effort for authors *and* improves the quality of the
> > patch metadata for those that choose to use the script?
>
> A script/tool does generate the metadata in the "correct" way, as that
> is what Sasha and I use. It is the issue for when people do it on their
> own for various reasons and do not just point us at an upstream commit
> that can cause issues. In those cases, people wouldn't be using any
> script anyway, so there's nothing really to do here.
I agree that submitters would need to know about the tag; OTOH I
believe that if it looked like a tag, people would be more likely to
get it right. We moved from "mention what this fixes in body" to
"Fixes: " and I believe that was an improvement.
Anyway, three new entries in stable queues have format I have not seen
before:
|ec547f971 None .: 4.19| KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
|dbfcc0f75 None o: 4.19| KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
|b79b08940 None o: 4.4| KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
[ upstream commit 0f923e07124df069ba68d8bb12324398f4b6b709 ]
I guess I'll simply update the script.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)
Powered by blists - more mailing lists