lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YzmBjgXq9geMnL1B@mit.edu>
Date:   Sun, 2 Oct 2022 08:18:22 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     "Artem S. Tashkinov" <aros@....com>
Cc:     Thorsten Leemhuis <linux@...mhuis.info>,
        Greg KH <gregkh@...uxfoundation.org>,
        Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
        workflows@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        ksummit@...ts.linux.dev
Subject: Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla
 blues"

On Sat, Oct 01, 2022 at 02:58:04PM +0000, Artem S. Tashkinov wrote:
> 
> My expectations are actually quite low:
> 
> * A central place to collect bugs (yeah, bugzilla)
> * Proper up to date components (they don't change too often, so there's
> not a lot of work to be done - you can refresh them probably every 12-24
> months and it's gonna be totally OK)
> * An ability to CC the relevant people/mailing lists (this is the only
> serious missing feature)
> 
> That's it. It's a billion times better than random emails sent to random
> mailing lists. Signing up once is easier that to keep track of whom and
> where you've emailed or not. And of course it's a ton lot easier to find
> the existing bug reports.

First of all, some of the components do CC the relevant mailing lists
automatically.  And this is the part of Bugzilla which is hand-hacked
and has no, zero, nada support upstream.  I'll defer to Konstantin
about how easy it is to keep that working.

Secondly, not everyone is happy with getting an e-mail message sent to
a mailing list that has a lot of bugzilla metadata associated with it,
and depending on how they respond, the response might not make it back
to bugzilla.

Finally, in the absense of someone to actually close bugzilla entries
and do other necessary grooming, the bugzilla database will rapidly
become useless --- in which case, you might as well have a web form
that just helps the user send e-mail to the mailing list, and hope it
doesn't become a SPAM magnet.

> Bugzilla as it is works nearly perfectly. We have a number of developers
> who don't want to touch it or get emails from it - it's their right.
> However it would be madness to take it from users. That will make filing
> and following up on bug reports an absolutely poor experience for
> absolute most users.

At the moment, developers aren't following up on the bug reports.
There is some debate as to why.  Is it because users who can't figure
out how to send e-mail, and who send web-form based e-mails send low
quality bug reports that can't be easily responded to unless someone
is paid $$$ and/or has the patience of a saint?  Is it because
components aren't being gatewayed to mailing lists?

And if we force developers to get Bugzilla spam whether they want it
not, and they said, "absolutely not", is it there right to have the
mailing list gateway disabled --- and if so, what does that do to the
user experience?  Thats basically the situation we have right now.

     		  		      - Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ