lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20071113.043207.44732743.davem@davemloft.net>
Date:	Tue, 13 Nov 2007 04:32:07 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	akpm@...ux-foundation.org
Cc:	protasnb@...il.com, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org, alsa-devel@...a-project.org,
	linux-ide@...r.kernel.org, linux-pcmcia@...ts.infradead.org,
	linux-input@...ey.karlin.mff.cuni.cz,
	bugme-daemon@...zilla.kernel.org
Subject: Re: [BUG] New Kernel Bugs

From: Andrew Morton <akpm@...ux-foundation.org>
Date: Tue, 13 Nov 2007 04:12:59 -0800

> On Tue, 13 Nov 2007 03:58:24 -0800 (PST) David Miller <davem@...emloft.net> wrote:
> 
> > From: Andrew Morton <akpm@...ux-foundation.org>
> > Date: Tue, 13 Nov 2007 03:49:16 -0800
> > 
> > > Do you believe that our response to bug reports is adequate?
> > 
> > Do you feel that making us feel and look like shit helps?
> 
> That doesn't answer my question.
> 
> See, first we need to work out whether we have a problem.  If we do this,
> then we can then have a think about what to do about it.
> 
> I tried to convince the 2006 KS attendees that we have a problem and I
> resoundingly failed.  People seemed to think that we're doing OK.
> 
> But it appears that data such as this contradicts that belief.
> 
> This is not a minor matter.  If the kernel _is_ slowly deteriorating then
> this won't become readily apparent until it has been happening for a number
> of years.  By that stage there will be so much work to do to get us back to
> an acceptable level that it will take a huge effort.  And it will take a
> long time after that for the kerel to get its reputation back.
> 
> So it is important that we catch deterioration *early* if it is happening.

You tell me what I should spend my time working on, and I promise to
do it OK? :-)

For example, if I have a choice between a TCP crash just about anyone
can hit and some obscure issue only reported with some device nearly
nobody has, which one should I analyze and work on?

That's the problem.  All of us prioritize and it means the chaff
collects at the bottom.  You cannot fix that except by getting more
bug fixers so that the chaff pile has a chance to get smaller.

Luckily if the report being ignored isn't chaff, it will show up again
(and again and again) and this triggers a reprioritization because not
only is the bug no longer chaff, it also now got a lot of information
tagged to it so it's a double worthwhile investment to work on the
problem.

I think a lot of bugs that "aren't getting looked at" are simply
sitting in some early stage of this process.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ