Presentation from 2020: broken link to subsystems that don't tag for stable (slide 25)

ossf / wg-securing-critical-projects

Helping allocate resources to secure the critical open source projects we all depend on.

Apache License 2.0

326 stars 36 forks source link

Presentation from 2020: broken link to subsystems that don't tag for stable (slide 25) #22

Open kdave opened 3 years ago

kdave commented 3 years ago

Hi,

in the presentation (./presentations/The_state_of_the_Linux_kernel_security.pdf) slide 25 there's a link to subsystems that refuse to tag for stable, leading to https://groups.google.com/a/google.com/g/kernel-dynamic-tools/c/SZnwXich2tM/m/gTkaJXxxAQAJ , but there's nothing on that page, nor kernel-dynamic-tools seems to exist on lore.k.org. The google group itself https://groups.google.com/a/google.com/g/kernel-dynamic-tools/ says it's inaccessible.

Can somebody please be more specific what subsystem is it and post a working link? Thanks.

christo4ferris commented 2 years ago

Unless @dvyukov has that info, suggest we just close this issue.

dvyukov commented 2 years ago

Right, it's an internal link. Sorry. I've tried to find any similar public statements, but it's very hard to google for something like "subsystems don't mark patches for stable" b/c there are lots of LWN articles that mention all of these words...

kdave commented 2 years ago

I'm interested and curious if there's something to improve in the process, or if there's a subsystem not usually hit by security problems that should be more careful about that or what kind of issues/patches slip under the radar even if people care. There was not much to start with in the presentation IIRC, a link to discussion would be best of course, perhaps something for future security presentations.

dvyukov commented 2 years ago

Frankly I don't know the current status and if/how things have improved. Perhaps @gregkh and @sashalevin can share more on the current status of the stable process:

are there still subsystems that don't mark patches for stable, etc?
what does need improvement in the current stable process? Is there some link to description of the current status?

One problem that I think still exists is stable patches that don't automatically apply to older trees, such patches may be lost.

gregkh commented 2 years ago

Yes, there are currently still some major kernel subsystems that do not mark patches for the stable trees.
I don't know what you mean by "current status" of the stable process, the process is documented in the kernel tree, the status is the daily acceptance of patches marked for stable releases and us digging up and finding more and applying them as well.
For stable patches that do not apply to older trees, the authors are notified and if they think it is relevant, they can provide a working backport. Everyone is always strongly encouraged to always use the latest LTS release unless they really really think they know what they are doing :)

gregkh commented 2 years ago

And invalid link on the above presentation, that's not nice to do drive-by github requests with no context about private presentations...

kdave commented 2 years ago

The presentation is in this git repository, https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf