lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bb8c6476-283c-3bc6-710b-5a8602ccd40e@leemhuis.info>
Date:   Sat, 15 Jul 2023 12:31:02 +0200
From:   "Linux regression tracking (Thorsten Leemhuis)" 
        <regressions@...mhuis.info>
To:     Jakub Kicinski <kuba@...nel.org>,
        Krzysztof Kozlowski <krzk@...nel.org>
Cc:     corbet@....net, workflows@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        gregkh@...uxfoundation.org, Mark Brown <broonie@...nel.org>,
        Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [PATCH docs] docs: maintainer: document expectations of small
 time maintainers

[CCing other people in the thread]

On 14.07.23 19:10, Jakub Kicinski wrote:
> On Fri, 14 Jul 2023 06:36:41 +0200 Krzysztof Kozlowski wrote:
>> On 14/07/2023 00:34, Jakub Kicinski wrote:
> [...]
>>> +Bug reports
>>> +-----------
>>> +
>>> +Maintainers must respond to and address bug reports. The bug reports  
>>
>> This is even more unreasonable than previous 1 day review. I don't have
>> capabilities to address bug reports for numerous drivers I am
>> maintaining. I don't have hardware, I don't have time, no one pays me
>> for it. I still need some life outside of working hours, so expecting
>> both reviews in 1 day and addressing bugs is way too much.
>>
>>> +range from users reporting real life crashes, thru errors discovered
>>> +in fuzzing to reports of issues with the code found by static analysis
>>> +tools and new compiler warnings.
>>> +
>>> +Volunteer maintainers are only required to address bugs and regressions.  
>>
>> "Only required"? That's not "only" but a lot.
> 
> I was trying to soften the paragraph for volunteers let me try to
> soften it.. harder?
> 
>>> +It is understood that due to lack of access to documentation and
>>> +implementation details they may not be able to solve all problems.  
>>
>> So how do I address? Say "Oh, that's bad"?
> 
> How about:
> 
>   Bug reports
>   -----------
> 
>   Maintainers must respond to bug reports of reasonable quality. The bug reports
>   range from users reporting real life crashes, thru errors discovered
>   in fuzzing to reports of issues with the code found by static analysis
>   tools and new compiler warnings.
> 
>   It is understood that the hands of volunteer maintainers can often be tied
>   by the lack of access to documentation, implementation details, hardware
>   platforms, etc.
> 
> 
> I don't know how to phrase it better :( Obviously maintainers are
> expected to look at bug reports. At the same time we all know the
> feeling of being a maintainer of some crappy HW which sometimes 
> doesn't work and all we can do is say "thoughts and prayers". 
> 
> IDK. 
> 
> The doc would be incomplete without mentioning that bug reports are
> part of maintainers' life :(

How about something like this:

```
Bug reports
-----------

Maintainers must ensure severe problems in their code reported to them
are resolved in a timely manner: security vulnerabilities, regressions,
compilation errors, data loss, kernel crashes, and bugs of similar scope.

Maintainers furthermore should respond to reports about other kind of
bugs as well, if the report is of reasonable quality or indicates a
problem that might be severe -- especially if they have *Supported*
status of the codebase in the MAINTAINERS file.
```

Ciao, Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ