Conversation

✨saleem✨
@saleemrash1d
the whole "it's extremely difficult for us to verify that this kernel patch isn't malicious" business is a real indictment of C
Quote Tweet
Filippo Valsorda
@FiloSottile
Possibly unpopular opinion, but I feel like "only merge things after verifying they are valid" should maybe be the default policy of the most used piece of software in the world.
Show this thread
Image
7
193
Daniel Micay
@DanielMicay
Replying to
@WatsonLadd
@bascule
and
@saleemrash1d
Linux kernel maintainers realistically need to accept patches they don't understand and can't really review. The tooling, and by tooling I primarily mean C, doesn't allow them to build abstractions in a way that the code can actually be understood without tons of subtle context.
1
14
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
@WatsonLadd
and 2 others
C isn't the only problem. The monolithic kernel design is a huge part of the issue too. The project is far beyond the scale of human understanding. It isn't broken down into components people are capable of reviewing in isolation. C causes a similar problem at a language level.
2
17
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
@WatsonLadd
and 2 others
I think it's pretty rude to trick random maintainers and make them look bad. I wouldn't see any issue with doing it to people who have ridiculed safety/security/reliability work and the people who work on it. Don't like the whole tricking low-level people doing their job thing.
1
12