[GIT PULL 2nd resend] leaking_addresses updates for 4.15

[GIT PULL 2nd resend] leaking_addresses updates for 4.15

[Tobin C. Harding]

The following changes since commit: bebc6082da0a9f5d47a1ea2edc099bf671058bd4

  Linux 4.14 (2017-11-12 10:46:13 -0800)

are available in the git repository at:

  https://github.com/tcharding/linux tags/leaking_addresses-4.15

for you to fetch changes up to a11949ec20635b43d82ee229315fd2e3c80c22a3:

  leaking_addresses: add SigIgn to false positives (2017-11-14 09:25:11 +1100)


Correct tag name. Clearly I am doing this manually, and failing pretty
hard. Sorry for the noise.

thanks,
Tobin.

------------------------------------------------------------------------------
leaking_addresses updates for 4.15

Here are development updates for the leaking_addresses.pl script.

First there is some clean up. Also we change the command line options;
add summary reporting functionality. We add a timeout to stop the script
blocking indefinitely and add SigIgn to false positive checks. We also
add infrastructure to handle multiple architectures and add support for
ppc64.

Signed-off-by: Tobin C. Harding <me@tobin.cc>

------------------------------------------------------------------------------

Tobin C. Harding (9):
  leaking_addresses: use tabs instead of spaces
  leaking_addresses: remove dead/unused code
  leaking_addresses: remove command line options
  leaking_addresses: fix comment string typo
  leaking_addresses: add to exclude files/paths list
  leaking_addresses: add summary reporting options
  leaking_addresses: add support for ppc64
  leaking_addresses: add timeout on file read
  leaking_addresses: add SigIgn to false positives

 scripts/leaking_addresses.pl | 370 +++++++++++++++++++++++++++++++++----------
 1 file changed, 283 insertions(+), 87 deletions(-)

Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15

[Tobin C. Harding]

On Tue, Nov 14, 2017, at 10:04, Tobin C. Harding wrote:
> The following changes since commit:
> bebc6082da0a9f5d47a1ea2edc099bf671058bd4
> 
>   Linux 4.14 (2017-11-12 10:46:13 -0800)
> 
> are available in the git repository at:
> 
>   https://github.com/tcharding/linux tags/leaking_addresses-4.15
> 
> for you to fetch changes up to a11949ec20635b43d82ee229315fd2e3c80c22a3:
> 
>   leaking_addresses: add SigIgn to false positives (2017-11-14 09:25:11
>   +1100)

Hi Linus,

I did not sign the tag, it looks like you have not processed this yet.
Do you want me to re-do the pull request on a signed tag?

thanks,
Tobin.

Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15

[Linus Torvalds]

On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@tobin.cc> wrote:
>
> I did not sign the tag, it looks like you have not processed this yet.
> Do you want me to re-do the pull request on a signed tag?

When pulling from github? Absolutely.

             Linus

Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15

[Tobin C. Harding]

Clearly I am unable to use email.

Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking
addresses stuff that may know my face.

Adding to CC: Michael - closest kernel developer by proximity that I
have had direct correspondence with.

Adding to CC: Konstantin - previous correspondence re kernel.org tree hosting. 

On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@tobin.cc> wrote:
> >
> > I did not sign the tag, it looks like you have not processed this yet.
> > Do you want me to re-do the pull request on a signed tag?
> 
> When pulling from github? Absolutely.

Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
key is not secure is it? Would it not be better to get into the web of
trust first before requesting you pull any code from me.

Web of trust presents a social problem that I am not versed in. With my
limited knowledge I can present the following solutions.

1. Get my key signed at linux.conf.au in January in Sydney.
2. Request a video call with _some_ number of kernel developers to sign
   key (suggested by Konstantin).
3. Drive to Canberra and meet face to face with Michael to sign key
   (if he would agree to that).

I'm guessing I've missed the boat for this merge window so the option
that imposes the least on other developers time is option 1, get my key
signed by a bunch of kernel developers at LCA.

Also, once I get in the web of trust I can apply to get my tree hosted
on git.kernel.org so you don't have to pull from GitHub.

Please advise when, and if, you have time.

thanks,
Tobin.

Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15

[Michael Ellerman]

"Tobin C. Harding" <me@tobin.cc> writes:

> Clearly I am unable to use email.
>
> Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking
> addresses stuff that may know my face.
>
> Adding to CC: Michael - closest kernel developer by proximity that I
> have had direct correspondence with.
>
> Adding to CC: Konstantin - previous correspondence re kernel.org tree hosting. 
>
> On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
>> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@tobin.cc> wrote:
>> >
>> > I did not sign the tag, it looks like you have not processed this yet.
>> > Do you want me to re-do the pull request on a signed tag?
>> 
>> When pulling from github? Absolutely.
>
> Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
> key is not secure is it? Would it not be better to get into the web of
> trust first before requesting you pull any code from me.

Linus will probably respond, but in short it's good to be in the web of
trust, but until you are it's still worth signing your tags.

When you do get some signatures on your key, then we'll be able to see
that all your existing pull requests were really from you.

At the end of the day what matters is that you send good code over a
period of time - and whether the Australian Government agrees that your
name is "Tobin Harding" is somewhat orthogonal to that.

> Web of trust presents a social problem that I am not versed in. With my
> limited knowledge I can present the following solutions.
>
> 1. Get my key signed at linux.conf.au in January in Sydney.

Sounds good, maybe we should have a 15 minute key signing slot at the
kernel miniconf.

> 2. Request a video call with _some_ number of kernel developers to sign
>    key (suggested by Konstantin).
> 3. Drive to Canberra and meet face to face with Michael to sign key
>    (if he would agree to that).

Yeah if you want to that's no problem, just give me some notice :)

cheers

Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15

[Tobin C. Harding]

On Thu, Nov 16, 2017 at 01:16:28PM +1100, Michael Ellerman wrote:
> "Tobin C. Harding" <me@tobin.cc> writes:
> 
> > Clearly I am unable to use email.
> >
> > Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking
> > addresses stuff that may know my face.
> >
> > Adding to CC: Michael - closest kernel developer by proximity that I
> > have had direct correspondence with.
> >
> > Adding to CC: Konstantin - previous correspondence re kernel.org tree hosting. 
> >
> > On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
> >> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@tobin.cc> wrote:
> >> >
> >> > I did not sign the tag, it looks like you have not processed this yet.
> >> > Do you want me to re-do the pull request on a signed tag?
> >> 
> >> When pulling from github? Absolutely.
> >
> > Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
> > key is not secure is it? Would it not be better to get into the web of
> > trust first before requesting you pull any code from me.
> 
> Linus will probably respond, but in short it's good to be in the web of
> trust, but until you are it's still worth signing your tags.
> 
> When you do get some signatures on your key, then we'll be able to see
> that all your existing pull requests were really from you.
> 
> At the end of the day what matters is that you send good code over a
> period of time - and whether the Australian Government agrees that your
> name is "Tobin Harding" is somewhat orthogonal to that.
> 
> > Web of trust presents a social problem that I am not versed in. With my
> > limited knowledge I can present the following solutions.
> >
> > 1. Get my key signed at linux.conf.au in January in Sydney.
> 
> Sounds good, maybe we should have a 15 minute key signing slot at the
> kernel miniconf.

I'll contact the organizer.

> > 2. Request a video call with _some_ number of kernel developers to sign
> >    key (suggested by Konstantin).
> > 3. Drive to Canberra and meet face to face with Michael to sign key
> >    (if he would agree to that).
> 
> Yeah if you want to that's no problem, just give me some notice :)

I understand that there is no rush now so driving seems silly. See you
in Sydney.

thanks,
Tobin.