[Rpm-maint] [rpm-software-management/rpm] Enhanced checks and a fuzz harness (#1559)
Panu Matilainen
notifications at github.com
Mon Nov 1 10:49:42 UTC 2021
Looking at this again after sleeping over it for *cough* a few *cough* nights, I'm going to have to close this.
An inordinate amount of time and effort has gone into reviewing this type of material this year, many of which turned out to be regressions either in the original patch or from the review process, and meanwhile many more important things have gone overlooked and/or haven't received the attention they deserve. In other words, the sheer amount of these well-intended, allegedly security-oriented patches has created a priority inversion situation and an effective DoS on this project. We as a project shouldn't have let that happen, but this was an unprecedented situation and mistakes have been made. Hopefully we'll all know better in the future.
https://rpm.org/contribute.html says: "When planning on major changes to either code or web-site, please discuss it first on the rpm mailing lists with the rpm.org development team."
I think this calls for a rewording, as a tonne of smaller changes may not seem like "major changes" but the effect is the same: a larger body of work requires significant time and effort on both parties, which need to be allocated and coordinated somehow. As in, if planning to submit 50 patches, please ask first whether such work in that particular area is welcome, and even then, learn to walk before trying to run.
The package reading internals will be revisited in time but that time is not now. I appreciate the effort but this kind of thing probably needs to be driven from inside the project.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1559#issuecomment-956127399