lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 11 Apr 2024 11:53:07 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Thorsten Leemhuis <linux@...mhuis.info>,
	Sasha Levin <sashal@...nel.org>, Jonathan Corbet <corbet@....net>,
	stable@...r.kernel.org, workflows@...r.kernel.org,
	linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 2/4] docs: stable-kernel-rules: mention "no
 semi-automatic backport"

On Thu, Apr 11, 2024 at 11:19:57AM +0200, Geert Uytterhoeven wrote:
> On Thu, Apr 11, 2024 at 11:13 AM Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
> > On Thu, Apr 11, 2024 at 09:50:24AM +0200, Thorsten Leemhuis wrote:
> > > On 11.04.24 09:40, Greg Kroah-Hartman wrote:
> > > > On Thu, Apr 11, 2024 at 08:59:39AM +0200, Thorsten Leemhuis wrote:
> > > >> On 11.04.24 07:29, Greg Kroah-Hartman wrote:
> > > >>> On Thu, Apr 11, 2024 at 07:25:04AM +0200, Thorsten Leemhuis wrote:
> > > >>>> Some developers deliberately steer clear of 'Fixes:' tags to prevent
> > > >>>> changes from being backported semi-automatically by the stable team.
> > > >>>> That somewhat undermines the reason for the existence of the Fixes: tag,
> > > >>>> hence point out there is an alternative to reach the same effect.
> > > > [...]
> > > >>> I do not understand, why are you saying "cc: stable" here if you do NOT
> > > >>> want it backported?
> > > >> Because the only alternative the developers have to make the stable team
> > > >> not pick a single patch[1] is to deliberately omit a Fixes: tag even if
> > > >> the patch normally should have one. Like it was done here:
> > > >> https://lore.kernel.org/all/cover.1712226175.git.antony.antony@secunet.com/
> > > > That feels odd, but ok I now see the need for this for some minor set of
> > > > changes (i.e. this has rarely come up in the past 15+ years)
> > > >
> > > > [...]
> > > >> E.g. 'ignore for the AUTOSEL and the "Fixes tag only" tools'. That was
> > > >> the best term I came up with.
> > > >
> > > > Thinking about it more, I think we need to be much more explicit, and
> > > > provide the reason why.
> > > >
> > > > How about:
> > > >     cc: <do-not-apply-to-stable@...nel.org> # Reason goes here, and must be present
> > > >
> > > > and we can make that address be routed to /dev/null just like
> > > > <stable@...nel.org> is?
> > >
> > > Totally fine with me, but that feels somewhat long and hard to type.
> >
> > I want it long and hard to type and very very explicit that this is what
> > the developer/maintainer wants to have happen (again, because this is
> > such a rare occurrence.)
> >
> > > How
> > > about just 'no-stable@...nel.org' (or 'nostable@...nel.org')?
> >
> > More words are better :)
> 
> And after that, someone discovers this turns out to be (a hard
> dependency for) a very critical fix that does need backporting?

Then we backport it and let the person know like always.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ