[Ksummit-discuss] [MAINTAINERS SUMMIT] Handling of embargoed security issues

Linus Torvalds torvalds at linux-foundation.org
Thu Sep 6 20:56:50 UTC 2018


On Thu, Sep 6, 2018 at 12:18 PM Jiri Kosina <jikos at kernel.org> wrote:
>
> I am not completely sure what we could do to improve this, especially with
> our kernel community hats on -- I am pretty sure a lot is happening on the
> corporate level between individual "corporate stakeholders".

One particular pain point this last time around was the stable
backports, I feel.

A lot of that was that the actual *fixes* were marked for stable, but
quite often they were preceded by cleanups and other updates that
didn't actually fix things directly, and that weren't in themselves
explicitly marked for stable and didn't have a Fixes: tag, because
they were prep-work.

So we had _several_ nasty regressions in stable that never showed up
in mainline, because there was some non-obvious dependency that didn't
cause a merge conflict, but did cause a "this commit needed that other
commit to work right".

We should probably at least think about having a way to mark those.
Something like a "for-stable-because-of-subsequent-patches" tag?

Or just more eager use of the stable cc? I often feel bad about adding
"cc: stable" to preparatory patches that don't actually fix the bug,
but I think it was bad this time around.

Of course, I also hope that we're over the worst.

               Linus

