Date:   Sat, 15 Jul 2023 12:31:02 +0200
From:   "Linux regression tracking (Thorsten Leemhuis)" 
        <regressions@...mhuis.info>
To:     Jakub Kicinski <kuba@...nel.org>,
        Krzysztof Kozlowski <krzk@...nel.org>
Cc:     corbet@....net, workflows@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        gregkh@...uxfoundation.org, Mark Brown <broonie@...nel.org>,
        Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [PATCH docs] docs: maintainer: document expectations of small
 time maintainers

[CCing other people in the thread]

On 14.07.23 19:10, Jakub Kicinski wrote:
> On Fri, 14 Jul 2023 06:36:41 +0200 Krzysztof Kozlowski wrote:
>> On 14/07/2023 00:34, Jakub Kicinski wrote:
> [...]
>>> +Bug reports
>>> +-----------
>>> +
>>> +Maintainers must respond to and address bug reports. The bug reports  
>>
>> This is even more unreasonable than previous 1 day review. I don't have
>> capabilities to address bug reports for numerous drivers I am
>> maintaining. I don't have hardware, I don't have time, no one pays me
>> for it. I still need some life outside of working hours, so expecting
>> both reviews in 1 day and addressing bugs is way too much.
>>
>>> +range from users reporting real life crashes, thru errors discovered
>>> +in fuzzing to reports of issues with the code found by static analysis
>>> +tools and new compiler warnings.
>>> +
>>> +Volunteer maintainers are only required to address bugs and regressions.  
>>
>> "Only required"? That's not "only" but a lot.
> 
> I was trying to soften the paragraph for volunteers let me try to
> soften it.. harder?
> 
>>> +It is understood that due to lack of access to documentation and
>>> +implementation details they may not be able to solve all problems.  
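
Review bot: "address" is never defined in "Maintainers must respond to and address bug reports" or in "only required to address bugs and regressions", so the text does not say whether an acknowledgement or triage satisfies it or whether a fix is expected; state the minimum expected response explicitly. In the "range from users reporting real life crashes, thru errors discovered" line, "thru" should be "through" and "real life" should be "real-life".
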
>>
>> So how do I address? Say "Oh, that's bad"?
> 
> How about:
> 
>   Bug reports
>   -----------
> 
>   Maintainers must respond to bug reports of reasonable quality. The bug reports
>   range from users reporting real life crashes, thru errors discovered
>   in fuzzing to reports of issues with the code found by static analysis
>   tools and new compiler warnings.
> 
>   It is understood that the hands of volunteer maintainers can often be tied
>   by the lack of access to documentation, implementation details, hardware
>   platforms, etc.
> 
> 
> I don't know how to phrase it better :( Obviously maintainers are
> expected to look at bug reports. At the same time we all know the
> feeling of being a maintainer of some crappy HW which sometimes 
> doesn't work and all we can do is say "thoughts and prayers". 
> 
> IDK. 
> 
> The doc would be incomplete without mentioning that bug reports are
> part of maintainers' life :(

How about something like this:

```
Bug reports
-----------

Maintainers must ensure severe problems in their code reported to them
are resolved in a timely manner: security vulnerabilities, regressions,
compilation errors, data loss, kernel crashes, and bugs of similar scope.

Maintainers furthermore should respond to reports about other kinds of
bugs as well, if the report is of reasonable quality or indicates a
problem that might be severe -- especially if they have *Supported*
status of the codebase in the MAINTAINERS file.
```

Ciao, Thorsten
