Re: [RFC] -stable, how it's going to work.

[Greg KH <greg@kroah.com>]

On Wed, Mar 09, 2005 at 08:39:36PM +0100, Andi Kleen wrote:
> On Wed, Mar 09, 2005 at 10:34:08AM -0800, Greg KH wrote:
> > On Wed, Mar 09, 2005 at 10:56:33AM +0100, Andi Kleen wrote:
> > > Greg KH <greg@kroah.com> writes:
> > > >
> > > > Rules on what kind of patches are accepted, and what ones are not, into
> > > > the "-stable" tree:
> > > >  - It must be obviously correct and tested.
> > > >  - It can not bigger than 100 lines, with context.
> > > 
> > > This rule seems silly. What happens when a security fix needs 150 lines? 
> > 
> > Then we bend the rules and accept it :)
> > 
> > We'll take these as a case-by-case basis...
> > 
> > > >  - Security patches will be accepted into the -stable tree directly from
> > > >    the security kernel team, and not go through the normal review cycle.
> > > >    Contact the kernel security team for more details on this procedure.
> > > 
> > > This also sounds like a bad rule. How come the security team has more
> > > competence to review patches than the subsystem maintainers?  I can
> > > see the point of overruling maintainers on security issues when they
> > > are not responsive, but if they are I think the should be still the
> > > main point of contact.
> > 
> > Security fixes go from the security team to Linus's tree directly, and
> > usually the subsystem maintainer has already been notified and has
> > reviewedit.  At that point in time, they are public and accepted into
> 
> What guarantees that?

The kernel security team's proceedures.

> Basically what I would like to avoid is that the security team
> merges something through the backdoor that the maintainer considers crap.
> 
> If anything you should have a rule like
> 
> "Send to maintainer. If he doesn't ACK in 24h send it directly"
> 
> 
> > mainline, and need to be made availble to the -stable users as soon as
> > possible.
> > 
> > That is why the "fast track" is going to happen, the patch really was
> > reviewed properly, just not in public :)
> 
> Well, when you really want to have such formal rules (which is a novelty in 
> Linux space BTW, for many years we did fine with unwritten rules)  then you
> should spell it out completely. Or alternatively drop all the formal
> rules and do it informally like it was always done.

I'd love to do it informally, but the rules are going to be used to make
our lives easier, by having something to point to when we want to reject
something, and having something that everyone can refer to when trying
to understand what it is we are attempting to do here.

If they get too complex, or large, we will have to revisit them.

So, let's stop arguing about the semantics of the rules, and see if what
we have proposed actually works in real-life.  If that doesn't work out,
we can revisit it then.

thanks,

greg k-h