lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Apr 2022 12:31:16 +0200
From:   Krzysztof Kozlowski <krzk@...nel.org>
To:     Thorsten Leemhuis <linux@...mhuis.info>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg KH <gregkh@...uxfoundation.org>,
        Konstantin Ryabitsev <konstantin@...uxfoundation.org>
Cc:     "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        workflows@...r.kernel.org
Subject: Re: A lot of regression reports submitted to bugzilla.kernel.org are
 apparently ignored, even bisected ones

On 06/04/2022 14:35, Thorsten Leemhuis wrote:
> Hi! TLDR: I looked closer at every ticket filed in bugzilla.kernel.org
> over a time span of two weeks to see how well reports are handled, in
> particular those for kernel regressions. The results of this rough
> analysis are kinda devastating from my point of view. I for example
> found 8 tickets describing a regression where the reporter had even
> bisected the problem, but nevertheless the ticket afaics didn’t get a
> single reply or any other reaction from a regular kernel developer
> within about a week; in fact out of a total of 20 reports that looked
> like regressions to me (17 if you exclude tickets where the reporter
> used an afaics lightly patched distro kernel), only one got a helpful
> reply from a developer within a week. 

To respond, developer would first had to be notified. Did it happen? Or
just some default assignee got automated notification?

> That makes us miss valuable
> reports and puts our "no regressions" rule into a bad light. Hence,
> something IMHO should be done here to improve the situation, but I'm not
> sure myself what exactly -- that's why I'm writing this mail. A better
> warning on bugzilla’s frontpage suggesting to report issues by mail
> maybe? And/or disable all bugzilla products and components where it's
> not clear that somebody will be looking at least once at submitted tickets?

I find such Bugzilla useless - the Components are not matching reality,
Products look ok except missing really a lot. Does it have proper
assigners based on maintainers? Nope. At least not everywhere.

All the bug or issue reports I get via email and I think I am not alone
in this. All automated tools (kbuild, kernelCI) are using emails for bug
reporting. Why having one more system which seems not up to date?

The only reliable and up to date information we have in maintainers
file: who is responsible and whom to CC (e.g. lists).

I can give example from my domain:
https://bugzilla.kernel.org/show_bug.cgi?id=210047

This is clearly issue for me but there is no way I was notified about
this. I just found it by using the keyword from maintainers. Wrong
mailing list as Assignee, no CC to me. Such bug reports will be missed
because there is no way I can receive information about them. Why then
providing interface for bug reports which by design will not reach the
respective person?

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ