lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Jun 2023 17:02:10 +1000 (AEST)
From:   Finn Thain <fthain@...ux-m68k.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
cc:     Theodore Ts'o <tytso@....edu>, Jonathan Corbet <corbet@....net>,
        tech-board-discuss@...ts.linux-foundation.org,
        Kees Cook <keescook@...omium.org>,
        Dan Williams <dan.j.williams@...el.com>,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Documentation: Linux Contribution Maturity Model and
 the wider community

On Wed, 21 Jun 2023, Greg Kroah-Hartman wrote:

> On Wed, Jun 21, 2023 at 11:51:19AM +1000, Finn Thain wrote:
> > > You appear to have a very different model of how non-profits might 
> > > approach the Linux kernel --- could you go into more detail about 
> > > why they might want to contribute to the Linux kernel, and how we 
> > > might encourage them to contribute more engineering effort?
> > > 
> > 
> > Sure. Here's a recent example, in which a not-for-profit volunteer 
> > might have been granted an opportunity to work upstream: 
> > https://lore.kernel.org/all/129c9d5e-213a-80c9-092e-dc1dcf38ae3e@linux-m68k.org/
> > 
> > The driver in question may may not be commercially viable, but that 
> > doesn't matter, if the intention is to foster new maintainers and 
> > increase the talent pool. And the problem ostensibly being addressed 
> > in the Linux Contributor Maturity Model is a shortage of maintainers.
> 
> I would NEVER recommend ANYONE picking up obsolete hardware and trying 
> to get it to work to maintain the driver if NO ONE is actually using the 
> stuff.  That should not be for a not-for-profit to maintain as 
> obviously, no one uses it.
> 
> It's up to those that need/use the code to help maintain it, don't ask 
> not-for-profit groups to maintain and support code that no one uses, 
> that's a sure way to waste resources all around.
> 

Actually, that patch was offered without any prompting from me. But you're 
quite right -- I would have prompted it, had I had the oppportunity.

> So that's a good example of how our ecosystem works properly, if no one 
> needs the code, it gets dropped.  Don't ask for it to come back without 
> real users who are invested in it please.
> 

You mentioned wasted resources. If you want to generate e-waste, remove 
drivers from the kernel. If you want to prevent e-waste, add drivers for 
obsolete hardware and then watch the user count climb from zero as devices 
get pulled from drawers and dusted off.

Anyway, your reaction is an interesting example of strong feelings in the 
community as to how contributed code should or should not be used. E.g. 
some get upset if their code runs on weapons systems, others get upset if 
the latest release might not run on suitable hardware in the immediate 
future. Some add or remove licence terms according to their convictions.

If there was consensus, it might be feasible to give a formula for 
"recognized usage" which could be quantified. From there we could create a 
kind of heat map to show which commits, maintainers, processes, models, 
modules etc. were the most "useful" within some time interval.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ