From: Kees Cook <keescook@chromium.org>
To: "Alexander A. Klimov" <grandmaster@al2klimov.de>
Cc: corbet@lwn.net, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: YAMA SECURITY MODULE
Date: Wed, 8 Jul 2020 15:54:47 -0700
Message-ID: <202007081531.085533FC5@keescook>
In-Reply-To: <2c05c0c3-e72a-7cc6-3391-2e0d3bdf6b2c@al2klimov.de>

On Wed, Jul 08, 2020 at 08:22:03PM +0200, Alexander A. Klimov wrote:
> 
> 
> On 08.07.20 at 10:05, Kees Cook wrote:
> > On Wed, Jul 08, 2020 at 09:33:46AM +0200, Alexander A. Klimov wrote:
> > > Rationale:
> > > Reduces attack surface on kernel devs opening the links for MITM
> > > as HTTPS traffic is much harder to manipulate.
> > > 
> > > Deterministic algorithm:
> > > For each file:
> > >    If not .svg:
> > >      For each line:
> > >        If doesn't contain `\bxmlns\b`:
> > >          For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> > > 	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
> > >              If both the HTTP and HTTPS versions
> > >              return 200 OK and serve the same content:
> > >                Replace HTTP with HTTPS.
> > > 
> > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
> > > ---
> > >   Continuing my work started at 93431e0607e5.
> > >   See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master
> > >   (Actually letting a shell for loop submit all this stuff for me.)
> > > 
> > >   If there are any URLs to be removed completely or at least not HTTPSified:
> > >   Just clearly say so and I'll *undo my change*.
> As written here...

I interpreted that as "any URLs [changed by this patch]". I wanted no
URLs you changed to be removed nor not HTTPSified.

> > >   See also: https://lkml.org/lkml/2020/6/27/64

(You seem to be saying "any URLs [in the file]".)

> > >   If there are any valid, but yet not changed URLs:
> > >   See: https://lkml.org/lkml/2020/6/26/837

The URL I commented on was not valid and not changed by your patch.

> > > 
> > >   If you apply the patch, please let me know.
> > > 
> > > 
> > >   Documentation/admin-guide/LSM/Yama.rst | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/Documentation/admin-guide/LSM/Yama.rst b/Documentation/admin-guide/LSM/Yama.rst
> > > index d0a060de3973..64fd62507ae5 100644
> > > --- a/Documentation/admin-guide/LSM/Yama.rst
> > > +++ b/Documentation/admin-guide/LSM/Yama.rst
> > > @@ -21,7 +21,7 @@ of their attack without resorting to user-assisted phishing.
> > >   This is not a theoretical problem. SSH session hijacking
> > >   (http://www.storm.net.nz/projects/7) and arbitrary code injection
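Review bot: the context line `(http://www.storm.net.nz/projects/7)` in this hunk is still plain HTTP after the patch. Under the algorithm in the commit message, a matched link is left alone only when it hits one of the excluded patterns or when the HTTP and HTTPS versions do not both return 200 OK with the same content, so an untouched link here is a sign that it needs a manual check. Suggest verifying that URL by hand and, if it no longer resolves, replacing it with a working HTTPS reference in this patch or a follow-up rather than leaving it in Documentation/admin-guide/LSM/Yama.rst.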
> > 
> > This link is dead. It is likely best replaced by:
> ... I'd undo this change.

You sent me a patch to update URLs, gave me (seemingly) explicit
instructions about which things would cause you to undo individual
changes, none of which seemed to trigger, so I offered an improvement,
that would add another HTTPS URL -- which is entirely within your stated
desires to have "[one] commit ... per one thing [you've] done" for
a patch where the Subject is literally "Replace HTTP links with HTTPS
ones", for which I suggested an improvement.

> But as it's the only one here, just forget this patch.

You seem hostile to accepting feedback on how this patch could be
improved. It's one thing to use automation to help generate patches,
and I understand your apparent desires to keep it automated, but that
is not always how patch development turns out.

Your instructions appear to take a long way to just say "here's a patch,
take it or leave it" which seems pretty anti-collaborative to me.

-- 
Kees Cook
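
The "Deterministic algorithm" quoted from the commit message above, written out in Python as an added example; it is not part of the original message and not the submitter's actual script. The network is replaced by a caller-supplied `fetch` hook, and `rewrite_line`, `rewrite_file`, `sample_fetch` and the sample hosts are assumptions made for illustration. It also reports the links the rule leaves as HTTP, which is the dead-link case raised in the reply.

```python
import re

# Patterns copied from the commit message's "Deterministic algorithm".
LINK = re.compile(r"\bhttp://[^# \t\r\n]*(?:\w|/)")
XMLNS = re.compile(r"\bxmlns\b")
SKIP = (re.compile(r"\bgnu\.org/license"), re.compile(r"\bmozilla\.org/MPL\b"))

def rewrite_line(line, fetch):
    """Rewrite one line; fetch(url) -> (status, body) is a hypothetical hook."""
    if XMLNS.search(line):
        return line, []
    untouched = []

    def repl(m):
        url = m.group(0)
        if any(p.search(url) for p in SKIP):
            return url  # licence URLs are excluded by the stated rules
        https = "https://" + url[len("http://"):]
        plain, secure = fetch(url), fetch(https)
        if plain[0] == 200 and secure[0] == 200 and plain[1] == secure[1]:
            return https
        untouched.append(url)  # dead or diverging: stays HTTP, needs a human
        return url

    return LINK.sub(repl, line), untouched

def rewrite_file(path, text, fetch):
    """Apply the per-line rule to a whole file, skipping .svg files."""
    if path.endswith(".svg"):
        return text, []
    out, review = [], []
    for line in text.splitlines(keepends=True):
        new, left = rewrite_line(line, fetch)
        out.append(new)
        review.extend(left)
    return "".join(out), review

# Constructed responses standing in for the network (not real measurements).
SAMPLE = {
    "http://example.org/doc": (200, "same"),
    "https://example.org/doc": (200, "same"),
    "http://dead.example/projects/7": (404, ""),
    "https://dead.example/projects/7": (404, ""),
}

def sample_fetch(url):
    return SAMPLE.get(url, (0, ""))
```

The second return value is the list a reviewer would go through by hand: links that matched but were neither excluded nor verifiably identical over HTTPS.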
