lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0d90ce60-a7cd-4fff-9db2-489531e3c944@lunn.ch>
Date: Wed, 15 Oct 2025 14:09:11 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Rob Herring <robh@...nel.org>
Cc: Jakub Kicinski <kuba@...nel.org>, Conor Dooley <conor@...nel.org>,
	Frank Li <Frank.Li@....com>, Vladimir Oltean <olteanv@...il.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	Krzysztof Kozlowski <krzk+dt@...nel.org>,
	Conor Dooley <conor+dt@...nel.org>,
	"open list:NETWORKING DRIVERS" <netdev@...r.kernel.org>,
	"open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS" <devicetree@...r.kernel.org>,
	open list <linux-kernel@...r.kernel.org>, imx@...ts.linux.dev
Subject: Re: [PATCH 1/1] dt-bindings: net: dsa: nxp,sja1105: Add optional
 clock

> I also considered looking at who the email is from and restricting it
> to the maintainers. I know the netdev one doesn't do that either
> because I used it a couple of times. :) It does seem like it could be
> abused.

The netdev one does have some restrictions.

https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html#updating-patch-status

says:

  The use of the bot is restricted to authors of the patches (the
  From: header on patch submission and command must match!),
  maintainers of the modified code according to the MAINTAINERS file
  (again, From: must match the MAINTAINERS entry) and a handful of
  senior reviewers.

Here is one example from you:

https://patchwork.kernel.org/project/netdevbpf/patch/20241113225742.1784723-2-robh@kernel.org/

and it was your own patch.

All its actions are logged:

https://netdev.bots.linux.dev/pw-bot.html

so we can keep an eye of out for abuse. Plus, since it is an email to
patchwork, patchwork itself should have any abuse emails.

	Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ