Is @gregkh saying #linux kernel is at the point where testing it and reporting more security bugs does not have any value anymore? I am concerned.
"We are drowning in syzkaller reports and just throwing them at us doesn't really help anyone here anymore"
https://lore.kernel.org/dri-devel/20200710103910.GD1203263@kroah.com/ …
-
Bingo. We have plenty of paid developers for new features wanted by those companies paying for that work. We have almost no paid developers to do bug fixing and maintenance and patch reviews.
But it's always been this way, it's just that automated bug reporting tools like syzbot and the like stress the system in ways it has never been stressed as it shows the problem we have much better.
-
-
It's not the tools fault, keep them submitting and sending us stuff. It's just that fixing the issues reported is slow. Note, we have people stepping up to help with this, it just takes time to get them up to speed and we need more.
-
There are also some bugs that require intensive knowledge and that means it may come down to a few people to fix those and even they might take a while. Or often we end up in a long discussion about what the right strategy is. See the KCSAN fix I upstreamed ~2 weeks ago.
Koniec rozmowy
Nowa rozmowa -
Wydaje się, że ładowanie zajmuje dużo czasu.
Twitter jest przeciążony lub wystąpił chwilowy problem. Spróbuj ponownie lub sprawdź status Twittera, aby uzyskać więcej informacji.