| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Apr 2024 11:57:04 +0200 From: Thorsten Leemhuis <linux@...mhuis.info> To: Geert Uytterhoeven <geert@...ux-m68k.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: Sasha Levin <sashal@...nel.org>, Jonathan Corbet <corbet@....net>, stable@...r.kernel.org, workflows@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v1 2/4] docs: stable-kernel-rules: mention "no semi-automatic backport" On 11.04.24 11:19, Geert Uytterhoeven wrote: > On Thu, Apr 11, 2024 at 11:13 AM Greg Kroah-Hartman > <gregkh@...uxfoundation.org> wrote: >> On Thu, Apr 11, 2024 at 09:50:24AM +0200, Thorsten Leemhuis wrote: >>> On 11.04.24 09:40, Greg Kroah-Hartman wrote: >>>> On Thu, Apr 11, 2024 at 08:59:39AM +0200, Thorsten Leemhuis wrote: >>>>> On 11.04.24 07:29, Greg Kroah-Hartman wrote: >>>>>> On Thu, Apr 11, 2024 at 07:25:04AM +0200, Thorsten Leemhuis wrote: >>>>>>> Some developers deliberately steer clear of 'Fixes:' tags to prevent >>>>>>> changes from being backported semi-automatically by the stable team. >>>>>>> That somewhat undermines the reason for the existence of the Fixes: tag, >>>>>>> hence point out there is an alternative to reach the same effect. >>>> [...] >>>>>> I do not understand, why are you saying "cc: stable" here if you do NOT >>>>>> want it backported? >>>>> Because the only alternative the developers have to make the stable team >>>>> not pick a single patch[1] is to deliberately omit a Fixes: tag even if >>>>> the patch normally should have one. Like it was done here: >>>>> https://lore.kernel.org/all/cover.1712226175.git.antony.antony@secunet.com/ >>>> That feels odd, but ok I now see the need for this for some minor set of >>>> changes (i.e. this has rarely come up in the past 15+ years) >>>> >>>> [...] >>>>> E.g. 'ignore for the AUTOSEL and the "Fixes tag only" tools'. That was >>>>> the best term I came up with. >>>> >>>> Thinking about it more, I think we need to be much more explicit, and >>>> provide the reason why. >>>> >>>> How about: >>>> cc: <do-not-apply-to-stable@...nel.org> # Reason goes here, and must be present >>>> >>>> and we can make that address be routed to /dev/null just like >>>> <stable@...nel.org> is? >>> >>> Totally fine with me, but that feels somewhat long and hard to type. >> >> I want it long and hard to type and very very explicit that this is what >> the developer/maintainer wants to have happen (again, because this is >> such a rare occurrence.) >> >>> How >>> about just 'no-stable@...nel.org' (or 'nostable@...nel.org')? >> >> More words are better :) > > And after that, someone discovers this turns out to be (a hard > dependency for) a very critical fix that does need backporting? Ask why the tag was set I guess. But yeah, that was among the minor reasons why I had come up with "no semiautomatic stable backport" thing, as it made the intention more clear. Maybe only-manual-stable-backport@...nel.org could help and is even longer. But I might be getting into bikeshedding territory here. :-D Ciao, Thorsten Cioao, Thorsten
Powered by blists - more mailing lists