lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210907202047.2tm4q5euaxlb7cjz@meerkat.local>
Date:   Tue, 7 Sep 2021 16:20:47 -0400
From:   Konstantin Ryabitsev <konstantin@...uxfoundation.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     pr-tracker-bot@...nel.org, Bartosz Golaszewski <brgl@...ev.pl>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] gpio: updates for v5.15

On Tue, Sep 07, 2021 at 01:01:37PM -0700, Linus Torvalds wrote:
> On Tue, Sep 7, 2021 at 12:56 PM Konstantin Ryabitsev
> <konstantin@...uxfoundation.org> wrote:
> >
> > Failure is always an option. Let me poke at the logs and see what happened
> > here.
> 
> I was spooked by how it actually sent the email just after I had done
> the merge, but before I had pushed it out.

Uh... I'm borrowing some ideas from some large processor manufacturers and
implementing what I refer to as "speculative" pre-processing of pull requests.
If you've previously merged similar-looking requests in the past, then I'm
just extrapolating the average delay times and sending predictive
notifications.

The real reason this happened is just bot stupidity, actually. In your
response to the pull request in question [1], you had the following lines:

>     Merge branch 'ib-rockchip' of
>     git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
>     into gpio/for-next

[1] https://lore.kernel.org/all/CAHk-=wgQBgkut6zXTbZN45AtJmSceXwDw6Y60ZmwrPkOL__A8g@mail.gmail.com/

This was enough for the bot to think that this was a whole new pull request,
which it catalogued as pointing at commit 8096acd7442e613fad0354fc8dfdb2003cceea0b
(where linusw/linux-pinctrl master is). Then, since that commit already exists
in your tree, it sent out the notification.

I'm not sure what the right course of action here is. On the one hand,
recognizing your response as a pull request was clearly wrong. On the other
hand, a lot of valid pull requests are actually very similar to that (just
someone sending a "please pull" and a URL in the body -- often as a response
to a previous message, so we can't even reasonably weed out subjects with
"Re:").

So, we can either live with an occasional fail like this or I can try to
figure out how to narrow down the rules for what is and isn't a valid pull
request. One option is to check if the object is already in your tree and
over a few days old -- which would indicate that it's obviously not a pull
request to which we should be paying any attention.

-K

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ