From: Dave Hansen <dave@sr71.net>
To: Sasha Levin <sashal@kernel.org>, ksummit@lists.linux.dev
Subject: Re: [MAINTAINERS SUMMIT] Quality standards for embargoed code
Date: Tue, 15 Aug 2023 10:19:21 -0700 [thread overview]
Message-ID: <53f0072b-91c0-0136-a689-f31e8508a862@sr71.net> (raw)
In-Reply-To: <ZNuuvS5BtmjcazIv@sashalap>
On 8/15/23 09:58, Sasha Levin wrote:
> I'd like to have a discussion about how the community handles code
> drops to address embargoed security issues: my concern is that we
> sidestap our regular development workflow (post patches, review,
> test, bots, etc...)
I couldn't agree more. Working on these issues feels like you're
hacking with one arm tied behind your back. Things are _way_ better
than they used to be, but the closer the folks working behind closed
doors get to the "regular" workflows, the better off everyone is.
> 1. Ask (require) organizations that repeatedly go through this mechanism
> to create a test environment that can demonstrate how the embargoed code
> passes different build/validation tests. We should set a minimal bar to
> the demonstrated quality of code that we'll "sneak" behind the backs of
> community members.
Intel does send things through 0day internally, with a few minor
differences from how public stuff gets tested. But, I don't think any
information about that internal testing ever makes it into the material
that get merged. We'll fix that.
> 2. Create a group of trusted "testers" who can test embargoed code with
> different (ideally "real") workloads and environments. I think that
> we're overly focused on keeping the circle of people in the know small.
The docs:
> https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
_should_ allow the "hardware security team" to add testers today:
> The hardware security team identifies the developers (domain experts)
> who will form the initial response team for a particular issue. The
> initial response team can bring in further developers (domain
> experts) to address the issue in the best technical way.
Do we need to make this more explicit that some of those developers
might be focused on testing?
> 3. Work with KernelCI/OpenSSF on setting up a (small) environment
> similar to the public one that we could run embargoed code through.
That would be really nice.
next prev parent reply other threads:[~2023-08-15 17:28 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-15 16:58 Sasha Levin
2023-08-15 17:18 ` Mark Brown
2023-08-15 18:10 ` Sasha Levin
2023-08-15 18:40 ` Mark Brown
2023-08-15 17:19 ` Dave Hansen [this message]
2023-08-15 18:19 ` Sasha Levin
2023-08-15 18:34 ` Dave Hansen
2023-08-15 19:57 ` Greg KH
2023-08-15 20:47 ` Mark Brown
2023-08-15 21:11 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53f0072b-91c0-0136-a689-f31e8508a862@sr71.net \
--to=dave@sr71.net \
--cc=ksummit@lists.linux.dev \
--cc=sashal@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox