lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240929210004.GA1300946@thelio-3990X>
Date: Sun, 29 Sep 2024 14:00:04 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Paul Moore <paul@...l-moore.com>
Cc: Kees Cook <kees@...nel.org>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org,
	patches@...ts.linux.dev
Subject: Re: [PATCH] MAINTAINERS: Add security/Kconfig.hardening to hardening
 section

On Sun, Sep 29, 2024 at 10:20:59PM +0200, Paul Moore wrote:
> On September 28, 2024 8:26:28 PM Nathan Chancellor <nathan@...nel.org> wrote:
> > When running get_maintainer.pl on security/Kconfig.hardening, only the
> > security subsystem folks show up, even though they have never taken
> > patches to this file:
> > 
> >  $ scripts/get_maintainer.pl security/Kconfig.hardening
> >  Paul Moore <...> (supporter:SECURITY SUBSYSTEM)
> >  James Morris <...> (supporter:SECURITY SUBSYSTEM)
> >  "Serge E. Hallyn" <...> (supporter:SECURITY SUBSYSTEM)
> >  linux-security-module@...r.kernel.org (open list:SECURITY SUBSYSTEM)
> >  linux-kernel@...r.kernel.org (open list)
> > 
> >  $ git log --format=%cn --no-merges security/Kconfig.hardening | sort | uniq -c
> >        3 Andrew Morton
> >        1 Greg Kroah-Hartman
> >       18 Kees Cook
> >        2 Linus Torvald
> > 
> > Add it to the hardening section so that the KSPP folks are also shown,
> > which matches reality over who should comment on and take said patches
> > if necessary.
> > 
> > Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> > ---
> > MAINTAINERS | 1 +
> > 1 file changed, 1 insertion(+)
> 
> For the sake of casual observers, the reason James, Serge, or I haven't
> merged anything in Kconfig.hardening isn't due to any malicious intent or
> lack of appreciation, rather it is out of respect for KSPP and not wanting
> to step on Kees' toes.

Right, I did not mean for this to come off in an accusatory way, so my
apologies if it did. I merely wanted to codify this arrangement so that
patches get picked up or acked by the correct people in the future since
I had to send one earlier and I noticed it did not match reality (with
the data to prove it heh). I hope it is fairly obvious that Kees has a
good working relationship with you and the other security subsystem
folks if one pays attention to the mailing list :) and for the record,
even with this change, get_maintainer.pl still shows the security/
maintainers and list for this file, so you can still be kept in the loop
if so desired.

> I've happily merged KSPP related patches to those subsystems which I'm
> tasked with looking after and I plan to continue to do so.

Always happy to have as many KSPP allies as possible :)

Cheers,
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ