Open Source and information security mailing list archives
 
Date:   Tue, 4 Oct 2022 11:03:48 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Konstantin Ryabitsev <konstantin@...uxfoundation.org>
Cc:     Thorsten Leemhuis <linux@...mhuis.info>,
        "Artem S. Tashkinov" <aros@....com>,
        ksummit <ksummit-discuss@...ts.linuxfoundation.org>,
        workflows@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Greg KH <gregkh@...uxfoundation.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>
Subject: Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla blues"

On Tue, Oct 4, 2022 at 10:53 AM Konstantin Ryabitsev
<konstantin@...uxfoundation.org> wrote:
>
> 2. Create and maintain a mapping from MAINTAINER subsystem entries to
>    Product/Component categories in Bugzilla (the scheme to be established).

It's probably worth asking the 0day people what they do.

Maybe they do it all manually and have no real helping infrastructure,
but I see emails from them that often (but certainly not always) seem
to get the right people involved.

And while the MAINTAINER file is useful for a file mapping, I'm not
convinced it's all that useful for the "product/component category"
mapping, because I doubt people will actually fill that in well (and
reliably) enough.

With actual bisection data, it's fairly easy (get the emails from the
commit that got bisected). But things like "use the backtrace in the
oops to figure out who to add to participants" is likely a bit more of
a "use clever heuristics" kind of thing.

Anyway, I do think that some kind of automation would be really good,
at least for reports that have bisection information or backtraces in
them. Without automation, people _will_ be overwhelmed on the first
level response to bug reports (ie the "try to figure out who to bring
in" front).

But if the automation is too stupid, people will start ignoring the
report emails just on the assumption that it got things wrong.

Of course, if the automation is really solid enough, I think it should
work on lore.kernel.org, not on just a bugzilla thing.

             Linus
