lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZIBJadzmheKWCErq@rli9-mobl>
Date:   Wed, 7 Jun 2023 17:10:01 +0800
From:   Philip Li <philip.li@...el.com>
To:     Richard Weinberger <richard@....at>
CC:     Johannes Berg <johannes@...solutions.net>,
        Eric Biggers <ebiggers@...nel.org>,
        Azeem Shaikh <azeemshaikh38@...il.com>,
        "Maxim Krasnyansky" <maxk@....qualcomm.com>,
        anton ivanov <anton.ivanov@...bridgegreys.com>,
        linux-hardening <linux-hardening@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-um <linux-um@...ts.infradead.org>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        kernel test robot <lkp@...el.com>
Subject: Re: Reported-by/Closes tag for uncommitted issues (was: Re: [PATCH
 v2] uml: Replace strlcpy with strscpy)

On Wed, Jun 07, 2023 at 10:34:55AM +0200, Richard Weinberger wrote:
> ----- Ursprüngliche Mail -----
> > Von: "Johannes Berg" <johannes@...solutions.net>
> > On Tue, 2023-06-06 at 21:23 -0700, Eric Biggers wrote:
> >> 
> >> > > > Reported-by: kernel test robot <lkp@...el.com>
> >> > > > Closes:
> >> > > > https://lore.kernel.org/oe-kbuild-all/202305311135.zGMT1gYR-lkp@intel.com/
> >> > > 
> >> > > Are you sure Reported-by and Closes make sense?
> >> > > AFAIK the report was only on your first patch and nothing against upstream.
> >> > > So stating this in the updated patch is in vain.
> >> > 
> >> > I left the metadata in only for the sake of posterity. If it's not
> >> > helpful, I'm ok with removing it.
> >> > 
> >> 
> >> IMO using Reported-by in cases like this is harmful, as it makes commits seem
> >> like bug fixes when they are not.
> > 
> > I've yet to see anyone disagree with that, and yet, the robot actively
> > asks for such tags to be included in patch resubmissions.
> > 
> > On the one hand, I can understand their desire to be recognised for
> > their efforts. At this point then we might suggest that we introduce a
> > different tag, say "Improved-by:" or "Issues-found-by:" or something.
> 
> Robots don't have feelings. No need to worry. ;-)
>  
> > On the other hand, I don't feel like we should give a robot more
> > recognition than we give _people_ reviewing, and we currently really
> > only recognise them by a Reviewed-by tag. Then again, that doesn't work
> > with the robot - it is pretty much looking at each patch and only
> > comments on a small fraction. We also really don't want it to comment on
> > each and every patch ...
> > 
> > 
> > So it seems we should ask the robot maintainers to just stop suggesting
> > those tags?
> 
> Agreed.

Thanks all for the feedback. We will carefully consider how to present the
suggestion clearly.

For now, because the bot covers both upstream and developer repos, there
can be various situations, such as the bug is found in upstream. So the bot
tries to let author decide how to apply the tags in appropriate way that
they feel comfortable.

In the report, we now uses phrases like below

	If you fix the issue, kindly add following tag where applicable
	| Reported-by: kernel test robot <lkp@...el.com>
	| Closes: https://lore.kernel.org/oe-kbuild-all/202305311135.zGMT1gYR-lkp@intel.com/

But this may be not clear enough or not the best way to suggest. We will
consider whether we can detect some situations (like RFC patch) which is
no need for such tags to avoid confusion.

> 
> Thanks,
> //richard

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ