Hello!
Sorry for (so long!) delay -- we're trying to finalize the status
of our yet unmerged patches...
On 3/21/24 7:12 PM, Jarkko Sakkinen wrote:
[...]
>>>>>> Found by Linux Verification Center (linuxtesting.org) with Svace.
>>>>>
>>>>> I'm not sure if this should be part of the commit message.
>>>>
>>>> I have already submitted patches with this line, some have been
>>>> accepted. It is important for the Linux Verification Center to mark
>>>> patches as closing issues found with Svace.
>>>>
>>>>>>
>>>>>> Fixes: 7d30198ee24f ("keys: X.509 public key issuer lookup without AKID")
>>>>>> Suggested-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
>>>>>
>>>>> Should be reported-by.
>>>>
>>>> The suggested-by tag belongs to Sergey because he suggested the fix,
>>>> subject/description of the patch. The tag reported-by belongs to
>>>> Svace tool.
>>>
>>> 1. I did not see any reported-by tags in this which is requirement.
>>> 2. Who did find the issue using that tool? I don't put reported-by to
>>> GDB even if I use that find the bug.
>>
>> Svace is an automated bug finding tool. This error was found during
>> source code analysis by the program, so the tag reported-by does not
>> belong to any person. I don't know what to do in such a situation,
>> but write something like:
>>
>> Reported-by: Svace
>>
>> would be weird. I think that the line "Found by Linux ... with Svace"
>> could be a substitute for the tag.
>
> I'd prefer a person here that used the tool as it is not korg hosted
> automated tool.
It's a long ago established practice with the Linux Verification Center (http://linuxtesting.org): you can find 700+ merged patches with a similar
line (mentioning the LVC's website) and without the Reported-by tag:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=linuxtesting.org
> BR, Jarkko
MBR, Sergey
