lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 25 Jul 2023 15:03:14 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: valis <sec@...is.email>
Cc: Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
 jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us,
 davem@...emloft.net, edumazet@...gle.com, pctammela@...atatu.com,
 victor@...atatu.com, ramdhan@...rlabs.sg, billy@...rlabs.sg, Greg
 Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH net 0/3] net/sched Bind logic fixes for cls_fw, cls_u32
 and cls_route

On Tue, 25 Jul 2023 23:36:14 +0200 valis wrote:
> On Tue, Jul 25, 2023 at 10:09 PM Jakub Kicinski <kuba@...nel.org> wrote:
> > We don't know who you are. To my understanding the adjustment means
> > that you are not obligated to use the name on your birth certificate
> > but we need to know who you are.  
> 
> I could start a discussion about what makes a name valid, but I'm
> pretty sure netdev is not the right place for it.

Agreed, I CCed Greg KH to keep me honest, in case I'm outright
incorrect. If it's a gray zone kinda answer I'm guessing that
nobody here really wants to spend time discussing it.

> > Why is it always "security" people who try act like this is some make
> > believe metaverse. We're working on a real project with real licenses
> > and real legal implications.
> >
> > Your S-o-b is pretty much meaningless. If a "real" person can vouch for
> > who you are or put their own S-o-b on your code that's fine.  
> 
> I posted my patches to this mailing list per maintainer's request and
> according to the published rules of the patch submission process as I
> understood them.
> Sorry if I misinterpreted something and wasted anybody's time.
> 
> I'm not going to resubmit the patches under a different name.
> 
> Please feel free to use them if someone is willing to sign off on them.

If Jamal or anyone else feels like they can vouch for the provenance
of the code, I think that may be the best compromise.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ