Krzysztof Kozlowski
Posts
199Following
32Followers
216🇵🇱 🇪🇺 🇰🇷 🇮🇱 🇺🇦 🇨ðŸ‡
IRC: krzk
Kernel work related account. Other accounts of mine: @krzk@mastodon.social
Krzysztof Kozlowski
krzk
@linuxplumbersconf Hey Linux Plumbers! What is the point of the your mastodon account if you do not interact and do not respond here to any questions?
2
0
2
@siddhesh_p @gregkh @sj You did not really cover the case. Either this customer had outdated kernel, thus the group should not even start creating CVE, or this kernel did not have basic fix which was fixed 7 years ago. In the latter case it would be enough just to backport the fix, not go through ridiculous CVE assignment.
Anyway, it is not really professional and what RedHat is doing with CVEs is awesome example how useless CVEs are.
Anyway, it is not really professional and what RedHat is doing with CVEs is awesome example how useless CVEs are.
1
0
2
@siddhesh_p @gregkh @sj Independently? Something fixed 7 years ago? How can you trigger such bug?
I can barely believe that any customer discovered now a bug which was fixed 7 years ago. Even if this is possible, I can hardly believe any sane person on distro side would request for CVE for such bug, instead of replying: "dude, you forgot to update your system for the last 7 years".
So no, much more likely is that RedHat was actually shipping some crazy old kernel to some people without that fix and needed CVE to justify touching this old stuff...
I can barely believe that any customer discovered now a bug which was fixed 7 years ago. Even if this is possible, I can hardly believe any sane person on distro side would request for CVE for such bug, instead of replying: "dude, you forgot to update your system for the last 7 years".
So no, much more likely is that RedHat was actually shipping some crazy old kernel to some people without that fix and needed CVE to justify touching this old stuff...
1
0
0
@siddhesh_p @gregkh @sj Yeah, maybe they do not require CVE for every backport anymore... but then:
"Heh, apparently Red Hat recently assigned a CVE for a random kernel fix I did 7 years ago"
so not really.
https://mastodon.social/@vegard/110933167051678536
"Heh, apparently Red Hat recently assigned a CVE for a random kernel fix I did 7 years ago"
so not really.
https://mastodon.social/@vegard/110933167051678536
1
0
1
@sj Just in case - I was not offended and I just discuss the idea of measuring anything against CVEs.
I believe that in open-source work we should not be participating in this ridiculous CVE dance, unless of course it's our profession or job. Then... well, life. :) It was my job once too.
I understand why CVEs were invented and why they are still used, even though they were effectively made pointless in last few years. However, just because some corporations believe in them ("believe" is a key word here, because their decision about CVE was based on feelings not facts), does not mean we should be endorsing this or participating in this.
I believe that in open-source work we should not be participating in this ridiculous CVE dance, unless of course it's our profession or job. Then... well, life. :) It was my job once too.
I understand why CVEs were invented and why they are still used, even though they were effectively made pointless in last few years. However, just because some corporations believe in them ("believe" is a key word here, because their decision about CVE was based on feelings not facts), does not mean we should be endorsing this or participating in this.
1
0
1
@sj Since CVEs are basically useless, any percentage here or calling it "worst case time" is pointless. It's like measuring number of celebrities and mapping it to Linux kernel commits... Worse, it suggests that some bugs are not addressed (not fixed) or addressed slowly. This is in fact misleading.
1
0
1
@linuxplumbersconf Deadline for LPC 2023 refereed track and Kernel Summit passed two weeks ago. Any plans for sharing the schedule/program so people can do some planning?
0
0
0
Krzysztof Kozlowski
krzk
When review happens too fast:
"You replied within the same minute of me posting that patch, which is the fastest review I've had to date on an upstream kernel list. Before we continue, please verify:
[ ] I am not a robot"
From Brian Masney: https://lore.kernel.org/all/ZN5KIlI+RDu92jsi@brian-x1/
"You replied within the same minute of me posting that patch, which is the fastest review I've had to date on an upstream kernel list. Before we continue, please verify:
[ ] I am not a robot"
From Brian Masney: https://lore.kernel.org/all/ZN5KIlI+RDu92jsi@brian-x1/
0
1
9
Krzysztof Kozlowski
krzk
@marcan You look for developers, not maintainers. Maintainer, as name suggests, maintains the code, which does not necessarily mean active development. However, based on what you wrote, the key point is that existing maintainers did not bother to answer any questions or provide help, so most likely they do not fit the maintainer profile either...
1
0
0
@linuxplumbersconf That's cool, but when are you planning to announce accepted talks for LPC Refereed Track? I need to start planning the trip (including passport renewal which is a lot of time in my case, booking tickets and hotels etc)... not mentioning the need to actually write meaningful talk.
0
0
1
Krzysztof Kozlowski
krzk
@kwilczynski The sales trick is neat! Let's suck out of maintainers even money, not only their time!
RE: https://fosstodon.org/users/kwilczynski/statuses/110864258072128850
RE: https://fosstodon.org/users/kwilczynski/statuses/110864258072128850
0
0
1
@kwilczynski Although when I asked Sony to provide me with a Sony RC-S380 NFC card reader (for NFC maintenance), they send me a device immediately without questioning. Kudos to Sony. :)
0
0
3
Krzysztof Kozlowski
krzk
@kwilczynski No vendors stepped in to provide hardware for testing by Linux maintainers? No surprise...
There is somehow quite a big disconnection between big corporations making millions of products and Linux, and us - people actually developing Linux. Knowing enormous expenses in the marketing of big corporations, one could imagine what it is to donate a few boards to real Linux maintainers, right?
Nope.
I had a similar problem some time ago - till I gave up - with Samsung. I am the maintainer of Samsung SoC in Linux kernel, but all the boards were either purchased by me, donated by a friend in Germany, donated by a friend from Google or donated unofficially by a few good folks from Samsung R&D Poland.
When I asked Samsung Open-source or Samsung LSI (the one making SoCs I maintain) the answer was either silence or "no boards". One more board might now come from Samsung thanks to a project between Linaro and Samsung, but it is an exception.
And that makes me every time very rough in reviewing big-corporations code. Sorry guys, you do not play fair.
There is somehow quite a big disconnection between big corporations making millions of products and Linux, and us - people actually developing Linux. Knowing enormous expenses in the marketing of big corporations, one could imagine what it is to donate a few boards to real Linux maintainers, right?
Nope.
I had a similar problem some time ago - till I gave up - with Samsung. I am the maintainer of Samsung SoC in Linux kernel, but all the boards were either purchased by me, donated by a friend in Germany, donated by a friend from Google or donated unofficially by a few good folks from Samsung R&D Poland.
When I asked Samsung Open-source or Samsung LSI (the one making SoCs I maintain) the answer was either silence or "no boards". One more board might now come from Samsung thanks to a project between Linaro and Samsung, but it is an exception.
And that makes me every time very rough in reviewing big-corporations code. Sorry guys, you do not play fair.
1
1
3
@hyeyoo If this tartare is served very cold, then I think I tried it. It was very interesting, although not matching my preferences. The one we serve in my home country (Poland) is a bit different style - not that frozen. Oh, I really enjoyed horse tartare in Poland.
0
0
1