lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 Oct 2022 19:24:07 +0100
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     "Artem S. Tashkinov" <aros@....com>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        Mike Rapoport <rppt@...nel.org>, Theodore Ts'o <tytso@....edu>,
        Thorsten Leemhuis <linux@...mhuis.info>,
        Greg KH <gregkh@...uxfoundation.org>,
        Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
        workflows@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        ksummit@...ts.linux.dev,
        Mario Limonciello <mario.limonciello@....com>
Subject: Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla
 blues"

On Mon, Oct 03, 2022 at 10:20:29AM -0400, Steven Rostedt wrote:
> On Mon, 3 Oct 2022 09:40:43 +0000
> "Artem S. Tashkinov" <aros@....com> wrote:
> 
> > For instance, I've CC'ed Linus Torvalds _privately_ from Bugzilla twice
> > and he _chimed_ in and _helped_ resolve the bugs.
> 
> You didn't Cc Linus _privately_, because you Cc'd him from Bugzilla. I'm
> guessing that means it's a public conversation. Which is similar to Cc'ing
> a maintainer and a public mailing list.
> 
> > My messages to LKML
> > were _ignored_ by +1000 people subscribed to it.
> 
> LKML gets 800 emails a day. Nobody reads it (besides Jon Corbet and Andrew
> Morton). But if you send email to a maintainer privately without Cc'ing any
> public mailing list (or Bugzilla), then it will likely be ignored.

Way more than 800, IME.  And I'm still subscribed to it, even though
reading through the damn thing isn't physically possible.  About 1 or 2
percents gets past the "delete unopened" pass...

Speaking of private mail... there's one case when it's warranted -
a bug that looks like a sufficiently nasty security hole in something that
would be sufficiently widely deployed.  Preferably - with something along
the lines of "off-list due to potential security impact".

Still a matter of taste - security@ is an option for those...
 
> What we are saying is, you need to do both. Cc the maintainer _and_ a
> public mailing list. That way the maintainer knows others can see it, and
> could point someone else to look at it if they do not have the time, or
> they know someone who can better help.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ