On Thu, 8 Aug 2013 15:32:45 -0700 Greg KH wrote: > On Thu, Aug 08, 2013 at 04:37:32AM +0200, Tom Wijsman wrote: > > On Wed, 7 Aug 2013 15:44:34 -0700 > > Greg KH wrote: > > > > > I am not going to impose an additional burden on developers to get > > > their patches into the stable kernel releases like this, sorry. > > > > As I said, it's not your task; so, what you impose doesn't matter. > > What do you mean by that? I am the upstream stable kernel maintainer, > as well as a subsystem maintainer. I don't want to do the extra work > of tagging all of my stable patches with this type of information, I > can barely keep on top of the ones that I have to mark for stable as > it is. > > > ... > > But I will argue that you can not annotate them "properly". That is > imposing more work on me, a subsystem maintainer, that I will not do. Not just stable patches, but any patch; why delay till after the fact? Tagging at the time of committing is just a few extra characters. > > > Hint, the line between a bugfix and a security fix is not always > > > obvious, or even known at all. > > > > The developer knows; and if not, he can probably just mark it as a > > fix. > > Ok, so you have just now divided everything into "fix" or "feature". > As the "feature" patches are quite obvious, everything else must be > "fix". So why tag anything, your classification is already done for > you. If they are obvious, what's so hard abut tagging them? No classification is done if there is no single command to obtain them. > > > And what about all of the fixes I merge in, that _are_ really > > > security fixes, yet we do not want to shout it out to the world > > > at the moment? > > > > For known security bugs, being aware of a fix earlier helps. > > I don't understand what you mean here at all. Neither do I understand what you mean by not shouting it out; so, unless you have argumentation to not shout it out, I'm in the belief that the faster one is able to apply a security fix, the more secure he is as a result. If not shouting it out makes things more secure, then please state me how and why; because it only gives attackers more time. -- With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail address : TomWij@gentoo.org GPG Public Key : 6D34E57D GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D