From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Steve French <smfrench@gmail.com>
Cc: Sachin Prabhu <sprabhu@redhat.com>,
Pavel Shilovskiy <pshilov@microsoft.com>,
Stable <stable@vger.kernel.org>
Subject: Re: [PATCH] CIFS: Remove encryption from the capabilities flags
Date: Tue, 11 Apr 2017 06:15:08 +0200 [thread overview]
Message-ID: <20170411041508.GA31108@kroah.com> (raw)
In-Reply-To: <CAH2r5msRCzwkKNzXx=M4r=6Gd89BP47MPToK+u6r5tAgrjPV+A@mail.gmail.com>
On Mon, Apr 10, 2017 at 11:04:04PM -0500, Steve French wrote:
> Pavel's point is a good one, but we need some feedback from those more
> familiar with the stable rules to decide if his small patch or a
> backport of a larger (but more valuable patch series) is the right
> answer.
>
> Basically,
> 1) A VERY important security feature (SMB3 encryption) was added (by
> Pavel) to the cifs.ko SMB3 client and is now upstream in mainline.
> Support for encrypted sessions and shares is crucial in many cases and
> is required for some servers now, but the patch series which
> implemented it is rather large for backport to 4.9 (15 patches). It
> is of huge value, and improves security in some cases obviously, but I
> don't know if his series is larger than allowed for stable.
If it is "huge value", and improves security, and is what is in Linus's
tree, then yes, it could be allowed for stable, that would be nice.
Feel free to send the patch series if you want them applied.
> 2) In the process of writing support for encryption - he noticed that
> when you don't have his encryption patch series, we had a bug in older
> clients (which his patch addresses). His patch is unneeded for
> current mainline. If we backport the encryption series, we wouldn't
> need it.
I always prefer to stick with what is in Linus's tree because we almost
always get something wrong when we don't do that.
thanks,
greg k-h
prev parent reply other threads:[~2017-04-11 4:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-27 23:20 [PATCH] CIFS: Remove encryption from the capabilities flags Pavel Shilovsky
2017-02-27 23:32 ` Steve French
2017-04-10 21:29 ` Pavel Shilovskiy
2017-04-11 3:41 ` Greg Kroah-Hartman
2017-04-11 4:04 ` Steve French
2017-04-11 4:15 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170411041508.GA31108@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=pshilov@microsoft.com \
--cc=smfrench@gmail.com \
--cc=sprabhu@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.