lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMuHMdX8Ko_LiqsWafzcqheW_7SZmtzEvgrpBbyoCLxyWqjqBg@mail.gmail.com>
Date:   Mon, 3 Oct 2022 11:26:52 +0200
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     "Artem S. Tashkinov" <aros@....com>
Cc:     Mike Rapoport <rppt@...nel.org>, Al Viro <viro@...iv.linux.org.uk>,
        Steven Rostedt <rostedt@...dmis.org>,
        "Theodore Ts'o" <tytso@....edu>,
        Thorsten Leemhuis <linux@...mhuis.info>,
        Greg KH <gregkh@...uxfoundation.org>,
        Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
        workflows@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        ksummit@...ts.linux.dev,
        Mario Limonciello <mario.limonciello@....com>
Subject: Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla blues"

Hi Artem,

On Mon, Oct 3, 2022 at 11:16 AM Artem S. Tashkinov <aros@....com> wrote:
> On 10/3/22 08:55, Mike Rapoport wrote:
> > On Mon, Oct 03, 2022 at 07:41:08AM +0000, Artem S. Tashkinov wrote:
> >> On 10/2/22 23:04, Al Viro wrote:
> >>> On Sun, Oct 02, 2022 at 10:20:40PM +0000, Artem S. Tashkinov wrote:
> >>>> Bugzilla hasn't been updated in a very long time so it's missing both
> >>>> mailing lists and individual kernel developers.
> >>>>
> >>>> AFAIK, some pieces of kernel have no appropriate mailing lists at all.
> >>>> What about that? I've no clue.
> >>>
> >>> There's that file, right in the root of the source tree.  Called "MAINTAINERS",
> >>> in all-caps...  Could have something to do with locating maintainers, could it not?
> >>>
> >>>> Opt-in will work, except I've no idea how to make it work. Mass email
> >>>> all the kernel developers and politely invite them to sign up? Most will
> >>>> simply ignore it.
> >>>
> >>> Sigh...   You really don't seem to appreciate just how deep a septic
> >>> tank you've jumped into with your combination of "it should be opt-out"
> >>> and "but unsubscribing takes just a minute, what are you unhappy about?!?"
> >>>
> >>> Maybe you are not using email a lot, but for just about everyone who does...
> >>> We have heard that.  Many, many times.  From many sources - spammers,
> >>> "legitimate" companies' marketing departments, etc.
> >>>
> >>> And you keep moving along the same track - the usual reaction of some
> >>> company after having pulled back a bloody stump and enjoyed the pile of
> >>> explanations of the reasons why opt-out is *NOT* *ACCEPTABLE*, *EVER*
> >>> is along the lines of "OK, we'll just spam everyone in our database once
> >>> and ask them to opt-in - that must be OK, right?"
> >>
> >> Being on bugzilla does _not_ mean you'll receive a single email unless
> >> someone _specifically_ CC's you.
> >
> > If I'm not mistaken, bugzilla lets CC people explicitly. How the database
> > of emails in bugzilla would help choosing the right people to CC better
> > than MAINTAINERS?
> >
> > You repeated multiple times that bug reports sent to the mailing lists are
> > ignored, but what will make emails from bugzilla different from those bug
> > reports? Why do you think they will get more attention?
>
> Maybe because they are specific? Maybe because they are not part of a
> high volume mailing list such as LKML? Maybe because lots of developers
> are _not_ on any mailing lists?

If they're sent only to the maintainers, not to the subsystem mailing
lists, they may be ignored, as no one but the maintainer will be aware.

> Imagine instead you send your issue to a random mailing list. What is
> the chance another person with a similar issue will even find it?

Do not underestimate the power of search engines.

> Again the volume of bug reports is relatively low, fewer than two dozen
> a week.

Which proves this tool is insignificant in the grant scheme of (Linux)
things.

> * Multiple reporters can perfectly find the people who have made bad
> commits or who are responsible for certain drivers - it's safer to CC
> them _via_ Bugzilla than to email them _privately_ or via mailing lists
> which entails multiple issues including trust, SPAM, formatting,
> English, net etiquette, etc. etc. etc.

Never send bug reports privately, unless you have a monetary
relationship with the receiving end.  Always Cc the subsystem
mailing list, so anyone involved can help.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ