lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yzg7pHspc72I7TAb@mit.edu>
Date:   Sat, 1 Oct 2022 09:07:48 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     Thorsten Leemhuis <linux@...mhuis.info>
Cc:     "Artem S. Tashkinov" <aros@....com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
        workflows@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        ksummit@...ts.linux.dev
Subject: Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla
 blues"

On Sat, Oct 01, 2022 at 01:34:26PM +0200, Thorsten Leemhuis wrote:
> 
> Is that perfect and will in work in 100% of the cases? No, definitely
> not. Would it be good to have a a kind of first level support group that
> can help in this case? Sure. But we don't have one right now. I sooner
> or later hope to work towards forming such a group, but there are other
> things that are higher on my todo list for now.

I think the other thing which we really need to say is that if you
really want better support, there are plenty of places who will
happily accept your money and provide you that support.  

Artem, it seems to me that you are hoping that volunteers will provide
a commercial level of support --- and that's just never going to
happen.

The users vastly outnumber us developers by orders of magnitude, and
if someone needs a huge amount of hand-holding, maybe they should be
paying for a support contract with Red Hat, or Suse or Canonical, or
CIQ.

Can we do better?  Sure!  But I think we need to clearly set
expectations for what upstream developers will and will not provide
support for.  (Example: bug reports for LTS kernels are not
interesting to me, unless you can also reproduce them in the latest
upstream kernel --- and if you can't build your own kernel from
scratch --- boo, hoo, maybe you need to pay someone to help you out.)

I also think that we need to clearly express that any kind of support
is best efforts only, and if someone has anything business-, mission-,
or life-critical, they should darned well pay $$$ for a proper support
contract.

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ