From: "David Härdeman" <david@hardeman.nu>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: "Christopher J. PeBenito" <cpebenito@tresys.com>, selinux@tycho.nsa.gov
Subject: Re: Fedora refpolicy patches
Date: Wed, 16 Jul 2008 22:18:29 +0200 [thread overview]
Message-ID: <20080716201829.GC11166@hardeman.nu> (raw)
In-Reply-To: <487E4EAD.5070207@redhat.com>
On Wed, Jul 16, 2008 at 03:40:29PM -0400, Daniel J Walsh wrote:
>All of these suggestions are fine and yes if we had to do it all over
>again, every change would be documented with links to bugzilla.emails,
>conversations in the hall. I am looking for help to get it better under
>control. I am not looking for direct commit, or at least a commit via
>an ack process.
I'm sorry, but I still haven't understood what *kind* of help you're
looking for...except for wishing Chris had > 24h per day. :)
>Patches have been sent up stream in the past that have got lost in the
>volume of work that Chris has to do. Not his fault. But we have a
>system where we have only one person whose primary job is not to check
>in policy patches, having to review every patch.
So obviously something is wrong in the refpolicy patch acceptance
process? As a comparison, every single patch is applied by Linus to the
kernel (even though they've been filtered by maintainers first) and going
from 2.6.25 to 2.6.26-rc1 alone was 7555 patches.
>And we have the person
>generating most of the policy falling further and further behind. While
>the kernel has teams of engineers working on patches, reviewing them and
>applying them. They also have people who just cherry pick obvious fixes
>and apply them.
Well, I still don't know what should be done? Just splitting the RH patch
into per-module patches was a great help to me. Out of those 200+ patches,
about 50% were less than 100 lines and I'm guessing around 50% are of the
no-brainer kind (3 were 1000+ lines). If those 50% could be identified and
applied in quick succession by Chris...the RH patch wouldn't shrink by 50%
in number of lines but it would shrink by 50% in number of modules affected.
--
David Härdeman
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-07-16 20:18 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-16 16:56 Fedora refpolicy patches David Härdeman
2008-07-16 17:13 ` Daniel J Walsh
2008-07-16 17:44 ` David Härdeman
2008-07-16 18:19 ` Christopher J. PeBenito
2008-07-16 18:59 ` Daniel J Walsh
2008-07-16 19:29 ` David Härdeman
2008-07-16 19:40 ` Daniel J Walsh
2008-07-16 20:09 ` Brett Lentz
2008-07-18 12:32 ` Christopher J. PeBenito
2008-07-18 16:52 ` Brett Lentz
2008-07-16 20:18 ` David Härdeman [this message]
2008-07-16 22:35 ` Eric Paris
2008-07-16 20:19 ` Mike Edenfield
2008-07-17 18:00 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080716201829.GC11166@hardeman.nu \
--to=david@hardeman.nu \
--cc=cpebenito@tresys.com \
--cc=dwalsh@redhat.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.