From: "Theodore Tso" <tytso@mit.edu>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: Thorsten Leemhuis <linux@leemhuis.info>,
users@kernel.org, ksummit@lists.linux.dev
Subject: Re: slowly decommission bugzilla? (was: Re: kernel.org tooling update)
Date: Thu, 2 Apr 2026 09:07:06 -0400 [thread overview]
Message-ID: <20260402130706.GA15407@macsyma-wired.lan> (raw)
In-Reply-To: <20260402-expert-maroon-partridge-f77f94@lemur>
On Thu, Apr 02, 2026 at 12:59:46AM -0400, Konstantin Ryabitsev wrote:
> # git-bug
>
> The git-bug project aims to keep bug tracking integrated into the git
> repository itself. It's not a new project -- it's been around for a while,
> though its development has been advancing in spurts. The fundamentals are
> sound and the design is robust. It's an active project with ongoing
> development:
The documentation from git-bug is not great from the perspective of
someone who is trying to understand the security properties of the
system. But after looking at the architecture documents, I *think*
this is how it works. Please correct me if I'm wrong, perhaps git-bug
can improve their architecture docs?
1) A separate git repository is used for the bug store it's not the
same git repo as the project where the project's sources are stored.
(Your use of "the git repro" in your first paragraph made me made my
eyebrows --- *surely* we wouldn't put the bug tracking information in
linux.git, right? But looking at the the git-bug documentation, it
wasn't immediately obvious without my having to read way more
documentation pages than I would have liked. From git-bug's
perspective, if they want to keep people from running away screaming
before giving it a fair shake, they should think about having some
high-level architecture documents that explains how this actually
works.)
2) The primary way that git-bug seems to be focused is that "bridges"
are used to sync status between some other bug tracker (such as
github's issue tracker) and the git bug.
3) You *can* create new bugs via the git-bug CLI, but this
seems... weird, since only a person who has write access to a git repo
can create a bug. Sure, anyone can fork the git repo, and create a
bug in their local repo, but then in order to publish it, either (a)
you have to have credentials so you can publish to some publically
available bug tracker via a bridge, or (b) you can convince someone to
pull from your repo to get your new bug --- but that is going to have
to be a trusted source, because...
4) A git pull from some other bug tracking repo would completely
bypass any kind of anti-SPAM or quality checking. This is much like
how a maintainer might trust doing a git pull from a submaintainer,
but the submaintainer has to be trusted, because doing code review
before doing a pull is... possible, but it requires a human being to
sanity check a pull and make look for red flags, but in general you
only pull from trusted repositories. (Which is why I hate github PR's
as being a security disaster in waiting for Jia Tan style attacks, but
that's for another rant.)
5) If there are any data format attacks where a maliciously crafted
git-bug object can trigger some kind of security failure (SQL
injection, shell quoting attacks, ... the mind boggles), which can be
introduced either via a malicious issue that translates through a
bridge, or via a "git pull" from a trusted repository, this could be
used to attack either trusted infrastructure where the webui is
hosted, or a developer's development machine behind their firewall.
This is making me super nervous.
What am I missing? How can these concerns be mitigated?
- Ted
next prev parent reply other threads:[~2026-04-02 13:08 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-10 4:48 kernel.org tooling update Konstantin Ryabitsev
2025-12-10 8:11 ` Mauro Carvalho Chehab
2025-12-10 13:30 ` Thorsten Leemhuis
2025-12-11 3:04 ` Theodore Tso
2025-12-12 23:48 ` Stephen Hemminger
2025-12-12 23:54 ` Randy Dunlap
2025-12-16 16:21 ` Lukas Wunner
2025-12-16 20:33 ` Jeff Johnson
2025-12-17 0:47 ` Mario Limonciello
2025-12-18 13:37 ` Jani Nikula
2025-12-18 14:09 ` Mario Limonciello
2026-01-23 9:19 ` Web of Trust work [Was: kernel.org tooling update] Uwe Kleine-König
2026-01-23 9:29 ` Greg KH
2026-01-23 11:47 ` Mauro Carvalho Chehab
2026-01-23 11:58 ` Greg KH
2026-01-23 12:24 ` Mauro Carvalho Chehab
2026-01-23 12:29 ` Greg KH
2026-01-23 13:57 ` Konstantin Ryabitsev
2026-01-23 16:24 ` James Bottomley
2026-01-23 16:33 ` Greg KH
2026-01-23 16:42 ` Joe Perches
2026-01-23 17:00 ` Steven Rostedt
2026-01-23 17:23 ` James Bottomley
2026-01-23 18:23 ` Konstantin Ryabitsev
2026-01-23 21:12 ` Uwe Kleine-König
2026-01-26 16:23 ` Konstantin Ryabitsev
2026-01-26 17:32 ` Uwe Kleine-König
2026-01-26 21:01 ` Konstantin Ryabitsev
2026-01-26 23:23 ` James Bottomley
2026-01-27 8:39 ` Uwe Kleine-König
2026-01-27 21:08 ` Linus Torvalds
2026-02-04 10:49 ` Uwe Kleine-König
2026-02-05 10:14 ` James Bottomley
2026-02-05 18:07 ` Uwe Kleine-König
2026-02-05 18:23 ` Konstantin Ryabitsev
2026-01-26 23:33 ` Mauro Carvalho Chehab
2026-01-26 23:06 ` Mauro Carvalho Chehab
2026-01-23 21:38 ` James Bottomley
2026-01-23 22:55 ` Mauro Carvalho Chehab
2026-01-23 16:38 ` Konstantin Ryabitsev
2026-01-23 17:02 ` Paul Moore
2026-03-08 7:21 ` Uwe Kleine-König
2026-03-08 10:24 ` Greg KH
2026-03-18 14:02 ` Greg KH
2026-01-23 18:42 ` kernel.org tooling update Randy Dunlap
2026-02-26 8:44 ` slowly decommission bugzilla? (was: Re: kernel.org tooling update) Thorsten Leemhuis
2026-02-26 14:40 ` Andrew G. Morgan
2026-02-26 17:04 ` Andrew Morton
2026-02-27 11:07 ` Jani Nikula
2026-02-27 15:16 ` Steven Rostedt
2026-02-27 15:18 ` Mark Brown
2026-02-27 15:44 ` Steven Rostedt
2026-02-27 15:18 ` slowly decommission bugzilla? Sven Peter
2026-02-27 15:35 ` slowly decommission bugzilla? (was: Re: kernel.org tooling update) Richard Weinberger
2026-02-27 16:00 ` Geert Uytterhoeven
2026-02-27 16:22 ` Richard Weinberger
2026-02-27 16:29 ` Peter Zijlstra
2026-02-27 17:07 ` James Bottomley
2026-02-28 13:41 ` slowly decommission bugzilla? Thorsten Leemhuis
2026-02-28 15:17 ` Richard Weinberger
2026-02-28 17:40 ` Linus Torvalds
2026-02-28 18:29 ` Richard Weinberger
2026-02-28 20:26 ` Steven Rostedt
2026-02-28 20:28 ` Richard Weinberger
2026-02-28 20:56 ` Steven Rostedt
2026-03-01 15:23 ` Sasha Levin
2026-03-01 15:35 ` Laurent Pinchart
2026-03-01 15:42 ` Sasha Levin
2026-03-01 16:13 ` Laurent Pinchart
2026-03-01 16:27 ` Sasha Levin
2026-03-06 15:01 ` Laurent Pinchart
2026-03-07 16:19 ` Sasha Levin
2026-03-01 16:15 ` James Bottomley
2026-03-01 16:49 ` Laurent Pinchart
2026-03-02 8:55 ` Mauro Carvalho Chehab
2026-03-01 17:33 ` Linus Torvalds
2026-03-02 20:28 ` [RFC] kallsyms: embed source file:line info in kernel stack traces Sasha Levin
2026-03-03 5:39 ` Alexey Dobriyan
2026-03-03 12:44 ` Sasha Levin
2026-03-03 13:17 ` Steven Rostedt
2026-03-03 16:35 ` Sasha Levin
2026-03-06 15:22 ` Laurent Pinchart
2026-03-03 19:09 ` Alexey Dobriyan
2026-03-03 6:26 ` Richard Weinberger
2026-03-03 6:48 ` Tomasz Figa
2026-03-03 9:04 ` Vlastimil Babka (SUSE)
2026-03-03 12:45 ` Sasha Levin
2026-03-03 8:11 ` Geert Uytterhoeven
2026-03-03 9:31 ` Jiri Slaby
2026-03-03 12:47 ` Sasha Levin
2026-03-03 12:58 ` James Bottomley
2026-03-03 13:08 ` Jürgen Groß
2026-03-03 8:09 ` Geert Uytterhoeven
2026-03-03 22:44 ` Helge Deller
2026-03-03 22:47 ` Sasha Levin
2026-03-01 16:01 ` slowly decommission bugzilla? James Bottomley
2026-03-01 16:16 ` Sasha Levin
2026-03-01 16:25 ` James Bottomley
2026-03-01 16:33 ` Sasha Levin
2026-03-06 10:37 ` Richard Weinberger
2026-03-06 10:44 ` Geert Uytterhoeven
2026-03-15 14:58 ` Richard Weinberger
2026-03-16 11:28 ` Greg KH
2026-03-16 21:56 ` Richard Weinberger
2026-03-17 7:51 ` Greg Kroah-Hartman
2026-04-02 4:59 ` slowly decommission bugzilla? (was: Re: kernel.org tooling update) Konstantin Ryabitsev
2026-04-02 13:07 ` Theodore Tso [this message]
2026-04-02 13:28 ` Konstantin Ryabitsev
2026-04-02 14:08 ` Theodore Tso
2026-04-02 14:21 ` Konstantin Ryabitsev
2026-04-02 14:49 ` Steven Rostedt
2026-04-02 13:51 ` James Bottomley
2026-04-02 13:42 ` slowly decommission bugzilla? Thorsten Leemhuis
2026-04-02 14:04 ` Konstantin Ryabitsev
2026-04-02 14:15 ` Richard Weinberger
2026-04-02 15:45 ` Laurent Pinchart
2026-04-02 16:04 ` Thorsten Leemhuis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260402130706.GA15407@macsyma-wired.lan \
--to=tytso@mit.edu \
--cc=konstantin@linuxfoundation.org \
--cc=ksummit@lists.linux.dev \
--cc=linux@leemhuis.info \
--cc=users@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox