lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 13 Nov 2007 09:08:32 -0500
From:	Mark Lord <liml@....ca>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	David Miller <davem@...emloft.net>, protasnb@...il.com,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	alsa-devel@...a-project.org, linux-ide@...r.kernel.org,
	linux-pcmcia@...ts.infradead.org,
	linux-input@...ey.karlin.mff.cuni.cz,
	bugme-daemon@...zilla.kernel.org
Subject: Re: [BUG] New Kernel Bugs

Ingo Molnar wrote:
..
> This is all QA-101 that _cannot be argued against on a rational basis_, 
> it's just that these sorts of things have been largely ignored for 
> years, in favor of the all-too-easy "open source means many eyeballs and 
> that is our QA" answer, which is a _good_ answer but by far not the most 
> intelligent answer! Today "many eyeballs" is simply not good enough and 
> nature (and other OS projects) will route us around if we dont change.
..

QA-101 and "many eyeballs" are not at all in opposition.
The latter is how we find out about bugs on uncommon hardware,
and the former is what we need to track them and overall quality.

A HUGE problem I have with current "efforts", is that once someone
reports a bug, the onus seems to be 99% on the *reporter* to find
the exact line of code or commit.  Ghad what a repressive method.

And if the "developer" who broke the damn thing, or who at least
"claims" to be supporting that code, cannot "reproduce" the bug,
they drop it completely.

Contrast that flawed approach with how Linus does things..
he thinks through the symptoms, matches them to the code,
and figures out what the few possibilities might be,
and feeds back some trial balloon patches for the bug reporter to try.

MUCH better. 

Linus also asks for a git bisect, but doesn't insist upon the reporter
learning an entire new (poorly documented) toolset just to to report a bug.

Blah!

And remember, *I'm* an old-time Linux kernel developer.. just think about
the people reporting bugs who haven't been around here since 1992..

-ml
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ