Conversation

Apr 21, 2021

the whole "it's extremely difficult for us to verify that this kernel patch isn't malicious" business is a real indictment of C

Quote Tweet

Filippo Valsorda

@FiloSottile

Apr 21, 2021

Possibly unpopular opinion, but I feel like "only merge things after verifying they are valid" should maybe be the default policy of the most used piece of software in the world.

Show this thread

193

Replying to

There are plenty of other kinds of bugs to introduce

Tony "Abolish ICE" Arcieri

Replying to

and

Whataboutism. This blog post's intro is for you! tonyarcieri.com/it-s-time-for-

Replying to

and

I agree C is bad because of memory unsafety and fixing it closes a bunch of bugs. I don't think that it makes review harder

Replying to

and

Linux kernel maintainers realistically need to accept patches they don't understand and can't really review. The tooling, and by tooling I primarily mean C, doesn't allow them to build abstractions in a way that the code can actually be understood without tons of subtle context.

4:26 PM · Apr 21, 2021Twitter Web App

Replying to

C isn't the only problem. The monolithic kernel design is a huge part of the issue too. The project is far beyond the scale of human understanding. It isn't broken down into components people are capable of reviewing in isolation. C causes a similar problem at a language level.

Replying to

I think it's pretty rude to trick random maintainers and make them look bad. I wouldn't see any issue with doing it to people who have ridiculed safety/security/reliability work and the people who work on it. Don't like the whole tricking low-level people doing their job thing.

Show replies