| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <D8GQRANRVU11.SI7SZ8RAXXF@proton.me> Date: Sat, 15 Mar 2025 09:44:33 +0000 From: Benno Lossin <benno.lossin@...ton.me> To: Tamir Duberstein <tamird@...il.com>, Miguel Ojeda <miguel.ojeda.sandonis@...il.com> Cc: Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, Brendan Higgins <brendan.higgins@...ux.dev>, David Gow <davidgow@...gle.com>, Rae Moar <rmoar@...gle.com>, Bjorn Helgaas <bhelgaas@...gle.com>, Luis Chamberlain <mcgrof@...nel.org>, Russ Weight <russ.weight@...ux.dev>, Rob Herring <robh@...nel.org>, Saravana Kannan <saravanak@...gle.com>, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org, linux-kselftest@...r.kernel.org, kunit-dev@...glegroups.com, linux-pci@...r.kernel.org, linux-block@...r.kernel.org, devicetree@...r.kernel.org Subject: Re: [PATCH v3 6/6] rust: use strict provenance APIs On Fri Mar 14, 2025 at 11:20 PM CET, Tamir Duberstein wrote: > On Fri, Mar 14, 2025 at 6:00 PM Miguel Ojeda > <miguel.ojeda.sandonis@...il.com> wrote: >> >> On Fri, Mar 14, 2025 at 9:18 PM Benno Lossin <benno.lossin@...ton.me> wrote: >> > >> > I don't know when we'll be bumping the minimum version. IIRC 1.85.0 is >> > going to be in debian trixie, so eventually we could bump it to that, >> > but I'm not sure what the time frame will be for that. >> > >> > Maybe we can salvage this effort by gating both the lint and the >> > unstable features on the versions where it works? @Miguel, what's your >> > opinion? >> > >> > We could even make it simple, requiring 1.84 and not bothering with the >> > older versions. >> >> Regarding Debian Trixie: unknown, since my understanding is that it >> does not have a release date yet, but apparently mid May is the Hard >> Freeze and then it may take e.g. a month or two to the release. >> >> And when it releases, we may want to wait a while before bumping it, >> depending on how much time has passed since Rust 1.85.0 and depending >> on whether we managed to get e.g. Ubuntu LTSs to provide a versioned >> package etc. Yeah that's what I thought, thanks for confirming. >> If something simple works, then let's just go for that -- we do not >> care too much about older versions for linting purposes, since people >> should be testing with the latest stable too anyway. > > It's not going to be simple because `rust_common_flags` is defined > before the config is read, which means I'll have to sprinkle > conditional logic in even more places to enable the lints. > > The most minimal version of this patch would drop all the build system > changes and just have conditionally compiled polyfills for the strict > provenance APIs. Are folks OK with that? So you'd not enable the lint, but fix all occurrences? I think we should still have the lint (if it's too cumbersome, then let's only enable it in the kernel crate). --- Cheers, Benno
Powered by blists - more mailing lists