Re: Is the Linux kernel underfunded? Lack of quality and security?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Thanks for your detailed response, I will try to address those points
one by one.

Am So., 5. Jan. 2020 um 09:15 Uhr schrieb Greg KH <greg@xxxxxxxxx>:
> On Sun, Jan 05, 2020 at 04:49:32AM +0100, Evan Rudford wrote:
> > The problem of underfunding plagues many open source projects.
> Does it?  Citation please :)
> And compared to what exactly?

Linux might be hard to compare with other open source projects because
of its enormous scale.
But anyways, I saw many different open source projects that were
underfunded based on their "GitHub-situation".
Even large projects like "webpack"  seem to suffer from underfunding
right now. Here is a citation for you:
Also some "medium-sized" projects like tend to be underfunded unless a
company is willing to sponsor them.

> > Although code reviews and technical discussions are working well, I
> > argue that the testing infrastructure of the kernel is lacking.
> Does it?  No one can argue we are "doing to much testing", and more
> testing is always wanted, and happening, can you help with that effort?

Well, yes I would help, but it seems to be hard unless you are working
for one of those companies who are actually doing kernel-testing.

> > Severe bugs are discovered late, and they are discovered by developers
> > that should not be exposed to that amount of breakage.
> Specifics please.

This is perhaps only relevant for some specific users.
When I see a critical bug report, then I always ask the question:
Could this bug have been catched by a test-suite with reasonable
efforts compared to the size of the project?
Or is it such a weird corner case that no test-suite could have
realistically catched this bug, other than by pure luck?
For most projects, I tend to lean towards the first answer.

> Remember that Linux runs on _EVERYTHING_ so testing on _EVERYTHING_ is
> sometimes a bit hard and bugs only show up later on when people get
> around to running newer kernels on their specific hardware/workload.
> > Moreover, I feel that security issues do not receive enough resources.

This is perhaps hard to argue because the competition isn't good.
To be honest, I feel that neither Linux nor any other "major" OS is
reaching "high" security-standards.
It is a fallacy to think that the security-situation is good just
because nobody else is better.
And of course, rewriting Linux is nearly impossible, but I doubt that
Linux will ever become "truly secure" as long as everything is written
in C.
Let's face the reality: C is an excellent systems programming
language, but it is like an "unprotected chainsaw" with respect to

> Again, citation please?  I would argue that right now we have too many
> people/resources working on security issues that are really really minor
> in the overall scheme of things.
> greg k-h

I agree that the current security-efforts might not be well-directed
for the overall scheme of things.
However, I don't think that security has "too many" people in total.
It might be true that "minor" security-issues are eating too many
resources, but there are still "non-minor" security issues that are
not yet addressed.

[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux