lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 2 Oct 2022 18:18:01 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Laurent Pinchart <laurent.pinchart@...asonboard.com>
Cc:     "Artem S. Tashkinov" <aros@....com>, Theodore Ts'o <tytso@....edu>,
        Thorsten Leemhuis <linux@...mhuis.info>,
        Greg KH <gregkh@...uxfoundation.org>,
        Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
        workflows@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        ksummit@...ts.linux.dev,
        Mario Limonciello <mario.limonciello@....com>
Subject: Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla
 blues"

On Mon, 3 Oct 2022 00:06:58 +0300
Laurent Pinchart <laurent.pinchart@...asonboard.com> wrote:

> > 
> > If you are using fedora, go bug Red Hat, Ubuntu then Canonical. And
> > again, it comes down to if you have a paid subscription or not if you
> > are going to get anywhere with it.
> > 
> > Can this be annoying, sure. But that's how the open source ecosystem
> > works.  
> 
> The dichotomy between the community/hobbyist/free side and the
> commercial/professional/paid side is an argument I often hear, and often
> make myself. It is not, however, ineluctable.

But is still the essence of a community. Things only get done when it
benefits those that are doing it. The point of open source is that
collaborating has a benefit for all involved. But dealing with bugs
that do affect you directly, usually goes to the bottom of your
priority list. Not that you are not willing to do so, but it may only
get done when you have time to do it. And we all know how much time
kernel developers have.

> 
> We have shown multiple times that this barrier doesn't have to exist.
> The kernel is an impressive example of how companies and communities can
> cooperate to reach a result that no single entity could have achieved.
> It started with the development model and how it scaled, and other areas
> were tackled along the way, such as automated testing and quality
> control in general for instance. Lots of efforts went into creating
> solutions that could fulfil the unique needs of our development model,
> and into convincing large and small companies to invest, either money or
> time.
> 
> Are we doing a great job ? Certainly not. But we are moving forward. As
> Jon Corbet said several years ago in one of his talks, now that the
> Linux kernel has reached a leading position in many areas, we have lost
> the comfort of following other industry actors and have to innovate
> ourselves. That often means (and this thought is mine, not Jon's)
> winging it along the way. As impressive as some of our achievements may
> be, our failures to maintain some areas of the kernel in a professional
> way is also astonishing (https://xkcd.com/2347/ comes to mind). It's not
> entirely surprising: the community and (part-time) volunteer model means
> that everybody will tackle problems that interest them. Building a
> community that can deliver professional support is not an interesting
> task for everybody. It is, however, a key factor in the difference
> between a kernel subsystem that strives and a subsystem that survives.

Exactly. The problem is that this is an issue (getting general bug
reporting from users), but it's not a fatal one if you don't get it
right. The community tends to do what it takes to survive. It's usually
not until there's a well established threat that everyone changes how
they do things. Major updates to the kernel at the end of an -rc
release is unheard of, until there's a meltdown/spectre threat.

> 
> I believe the same holds true for bug tracking and support. At the end
> of the day, someone will need to pay for it, but we could shatter the
> traditional model here too. We could, given enough interest, bridge the
> gap between all involved parties and create a support model that would
> benefit everybody. It took years and huge efforts for Linux to evolve
> towards more professionalism in many areas, and it would take more years
> and more effort to continue and expand that, but I believe it would be
> feasible.

Linus went away and came back with git. Should we ask him to go away
and come back with a better bugzilla? :-D

> 
> Linux didn't start because Linus complained about existing operating
> systems, ranted on usenet forums and waited for someone to fix the
> problem. Someone will need to step up and lead the effrot here too. If
> that person could ignore for a while that this is an impossible task, I
> think they could succeed.
> 
> > If someone is not able to figure out how to use the mailing lists, it
> > is unlikely that they will be able to be useful in working with the
> > maintainer to solve their issue. As Ted mentioned, when asked to do
> > something to help analyze the issue, many times there's no response
> > from the reporter. Maybe because the reporter had no idea what the
> > maintainer wanted them to do. Most kernel bugs requires a constant back
> > and forth between the reporter and the developer. If you don't have
> > that, then there's no reason to bother with trying to fix the issue.
> > 
> > Ideally, someone (you?) would want to be a middle man and triage the
> > bugzilla reports and find those that look promising to get a fix
> > completed, and then be the liaison between bugzilla and the kernel
> > maintainer, then I think that could work. But the issue comes back to
> > manpower. Who's going to do that?  
> 
> On the topic of triage, I've found that distro developers often do a
> pretty good job. I've received multiple bug reports of great quality
> following problems initially posted to distro bug trackers, after the
> distro developers took the time needed to hold reporters by the hand to
> get all the required information. Kudos for that !
> 

This is what I was saying about having a liaison. It could work if we
have someone to do it. We have one volunteer (Slade), perhaps this
could turn out to be something more.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ