Message-ID: <44e28591-873a-d873-e04a-78dda900a5de@ispras.ru>
Date:   Wed, 30 Mar 2022 02:49:00 +0300
From:   Alexey Khoroshilov <khoroshilov@...ras.ru>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
        torvalds@...ux-foundation.org, stable@...r.kernel.org
Cc:     lwn@....net, jslaby@...e.cz
Subject: Stable release process proposal (Was: Linux 5.10.109)

Dear Greg,

First of all, thank you very much for keeping stable maintenance so well.

We (Linux Verification Center of ISPRAS (linuxtesting.org)) are going to
join a team of regular testers for releases in the 5.10 stable branch (and
other branches later). We are deploying some test automation for that
and have met an oddity that we would like to discuss.

Sometimes, like in the 5.10.109 release, we have a situation when a
released version (5.10.109) differs from the release candidate
(5.10.109-rc1). In this case there was a patch "llc: only change
llc->dev when bind() succeeds" added to fix a bug in another llc fix.
Unfortunately, as Pavel noted, this patch does not fix a bug, but
introduces a new one, because another commit b37a46683739 ("netdevice:
add the case if dev is NULL") was missed in the 5.10 branch.

The problem will be fixed in 5.10.110, but we still have a couple of oddities:
- we have a release that should not be recommended for use
- we have a commit message that misleads users when it says:

    Tested-by: Pavel Machek (CIP) <pavel@...x.de>
    Tested-by: Fox Chen <foxhlchen@...il.com>
    Tested-by: Florian Fainelli <f.fainelli@...il.com>
    Tested-by: Shuah Khan <skhan@...uxfoundation.org>
    Tested-by: Bagas Sanjaya <bagasdotme@...il.com>
    Tested-by: Salvatore Bonaccorso <carnil@...ian.org>
    Tested-by: Linux Kernel Functional Testing <lkft@...aro.org>
    Tested-by: Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
    Tested-by: Guenter Roeck <linux@...ck-us.net>

but actually nobody tested that version.

There are potential modifications in stable release process that can
prevent such problems:

(1) to always release rc2 when there are changes introduced in rc1

(2) to omit the Tested-by: section from release commits in such situations.

Or maybe it is overkill and it complicates maintenance work too much to be
worth it. What do you think?


Best regards,
Alexey Khoroshilov
