lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20121004104045.4fa02775@nehalam.linuxnetplumber.net>
Date:	Thu, 4 Oct 2012 10:40:45 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	Peter Senna Tschudin <peter.senna@...il.com>
Cc:	mlindner@...vell.com, kernel-janitors@...r.kernel.org,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 19/20] drivers/net/ethernet/marvell/skge.c: fix error
 return code

On Thu, 4 Oct 2012 19:32:12 +0200
Peter Senna Tschudin <peter.senna@...il.com> wrote:

> >> Stephen, I do not want to include function names on the commit
> >> message. What do you think about this updated message, is it
> >> acceptable?
> >>
> >
> > No still to generic, it needs to be written by a human examining
> > the file and understanding what the cause and effect of the bug
> > is.
> 
> Stephen I've understood what you want. But it is not clear to me why
> you want. Let me show what Coccinelle produces as output:
> 
> [peter@ace linux-next]$ spatch ../../cocci/ret4.cocci -dir .
> ...
> * TODO [[view:./drivers/net/ethernet/sun/sungem.c::face=ovl-face1::linb=2894::colb=1::cole=3][./drivers/net/ethernet/sun/sungem.c::2894]]
> [[view:./drivers/net/ethernet/sun/sungem.c::face=ovl-face2::linb=2966::colb=1::cole=3][./drivers/net/ethernet/sun/sungem.c::2966]]
> [[view:./drivers/net/ethernet/sun/sungem.c::face=ovl-face2::linb=3015::colb=1::cole=7][./drivers/net/ethernet/sun/sungem.c::3015]]
> ...
> 
> There is "no" automatic code transformation. The semantic patch I'm
> using only points out where to investigate to change, or not, the
> code. The output is in Emcas org-mode format. So I can tell you that
> the patches are not being robot generated. I'm making the patches, one
> by one, with great help of Coccinelle, but I'm making the code changes
> by hand.
> 
> I can't understand the advantages of describing each patch as you are
> asking. "For me" the generic commit message together with the patch
> makes sense.  Can you please help me on that?

The purpose of the commit message is not only so other developers understand
the patch. It is also so that the consumers (distro's and maintainers)
understand the scope of the impact.  It maybe that your effort uncovers
a really bad security hole that requires a CVE and a re-release of a 
major enterprise product like RHEL, or it could just be a minor corner
case that can never realistically happen. Unless you give a more complete
description, someone else will have to do it for each case.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ