lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 11 Mar 2023 21:21:58 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Willy Tarreau <w@....eu>
Cc:     Theodore Ts'o <tytso@....edu>, Sasha Levin <sashal@...nel.org>,
        Matthew Wilcox <willy@...radead.org>,
        Pavel Machek <pavel@....cz>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, viro@...iv.linux.org.uk,
        linux-fsdevel@...r.kernel.org
Subject: Re: AUTOSEL process

On Sun, Mar 12, 2023 at 05:32:32AM +0100, Willy Tarreau wrote:
> On Sat, Mar 11, 2023 at 12:53:29PM -0800, Eric Biggers wrote:
> > I'll try to put something together, despite all the pushback I'm getting.
> 
> Thanks.
> 
> > But
> > by necessity it will be totally separate from the current stable scripts, as it
> > seems there is no practical way for me to do it otherwise,
> 
> It's better that way anyway. Adding diversity to the process is important
> if we want to experiment with multiple approaches. What matters is to
> have multiple inputs on list of patches.
> 
> > given that the
> > current stable process is not properly open and lacks proper leadership.
> 
> Please, really please, stop looping on this. I think it was already
> explained quite a few times that the process is mostly human, and that
> it's very difficult to document what has to be done. It's a lot of work
> based on common sense, intuition and experience which helps solving each
> an every individual case. The scripts that help are public, the rest is
> just experience. It's not fair to say that some people do not follow an
> open process while they're using their experience and intuition. They're
> not machines.
> 

I mean, "patches welcome" is a bit pointless when there is nothing to patch, is
it not?  Even Sasha's stable-tools, which he finally gave a link to, does not
include anything related to AUTOSEL.  It seems AUTOSEL is still closed source.

BTW, I already did something similar "off to the side" a few years ago when I
wrote a script to keep track of and prioritize syzbot reports from
https://syzkaller.appspot.com/, and generate per-subsystem reminder emails.

I eventually ended up abandoning that, because doing something off to the side
is not very effective and is hard to keep up with.  The right approach is to
make improvements to the "upstream" process (which was syzbot in that case), not
to bolt something on to the side to try to fix it after the fact.

So I hope people can understand where I'm coming from, with hoping that what the
stable maintainers are doing can just be improved directly, without first
building something from scratch off to the side as that is just not a good way
to do things.  But sure, if that's the only option to get anything nontrivial
changed, I'll try to do it.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ