lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 11 May 2022 18:37:45 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Borislav Petkov <bp@...en8.de>,
        Thorsten Leemhuis <linux@...mhuis.info>,
        Thomas Gleixner <tglx@...utronix.de>,
        Zhangfei Gao <zhangfei.gao@...mail.com>,
        Fenghua Yu <fenghua.yu@...el.com>,
        Jean-Philippe Brucker <jean-philippe@...aro.org>,
        Jacob Pan <jacob.jun.pan@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        the arch/x86 maintainers <x86@...nel.org>
Subject: Re: Link: tag and links to submission and reports (was: Re: [GIT
 pull] core/urgent for v5.18-rc6)

On Wed, May 11, 2022 at 08:55:34AM -0700, Linus Torvalds wrote:
> On Wed, May 11, 2022 at 8:50 AM Theodore Ts'o <tytso@....edu> wrote:
> >
> > I would argue that it should be the patch submitter's responsibility
> > to explicitly add a URL to the problem report.
> 
> I agree in the perfect case.
> 
> But in practice, we have a lot more patch submitters than we have
> maintainers, and not all "leaf developers" necessarily know how to do
> everything.
> 
> So the maintainer should probably expect to fix things up. Not always,
> but also not a "the developer should have done this, so I won't do it"

Sure... but *because* maintainers are significantly outnumbered by the
patch submitters, what we should document is that it is the
developer's responsibility to provide the link, just as it is the
developer's responsibility to at least *try* to write a clear commit
description.

> This isn't so different from the fact that not everybody writes
> English proficiently - people do hopefully end up fixing things up as
> they get passed onwards.

Maintainers can be the backstop, sure, but if we are trying to make
Maintainers scale well, developers should at least feel obligated to
**try** to lighten the load on maintainers to the limits of their
ability.

And I have a bit more sympathy over someone who doesn't speak English
as their first language, over someone who can't be bothered to look up
a bug report link or a Syzkaller ID.

I guess we could always NACK such a patch until they provide that
information, but if it's for a critical bug fix, that's not
necessarily a good alternative either.  I guess that's why the
Maintainers get paid the big bucks....

					- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ