Tools for kernel developers [LWN.net]

By Jonathan Corbet
September 23, 2024

Konstantin Ryabitsev started a session on development tooling at the 2024 Maintainers Summit by saying that he does not want to be a "wrecking ball". If a given workflow is working for people, he does not want to try to force any sort of change. That said, he has ideas for how he can continue his work on providing better tooling for the development community.

The use of the b4 tool is increasing, he said, and the new features for patch preparation and submission have been well received. He is working on a b4 review command that will ease the manual process of sending Acked-by and Reviewed-by tags for patches written by others. Jason Gunthorpe asked whether it will be possible to send free-form remarks along with the tags; the answer was "yes".

Another area of work is the "bugspray" bot that is intended to integrate the kernel bugzilla instance with the project's mailing lists and Git repositories. Use of bugspray within a given subsystem will require maintainer buy-in; those who do not like bugzilla are free to ignore it. Since bugspray can look at a report and try to figure out which subsystems are involved, Ryabitsev is thinking about removing all of the various subsystem components from the bugzilla server. Many of those components have not been used in years, but it is hard to tell which ones are active, and users can have difficulties choosing the correct one. Instead, users would just file bugs for the kernel and the bot would figure it out.

One thing that is needed, he said, is volunteers to be the first point of contact for bug reports. Thorsten Leemhuis said that he would be willing to do that if he could find funding for the work.

Ted Ts'o said that he needs the ability to move bugs between subsystems; often, as developers dig into why something is going wrong, they conclude that the bug is not where it first seemed to be. So, to be useful, bugspray needs to make it possible to reassign a bug.

Leemhuis pointed out a problem with the existing bugzilla instance. Email addresses, which must be provided to file a bug, are considered to be private information. Using a bug submitter's address to include them in email conversations is thus a GDPR violation, and evidently somebody has complained. Linus Torvalds said that there needs to be a public notice on the bugzilla site that email addresses are public; a similar thing was done with the kernel's developer certificate of origin years ago.

With regard to the lore email archive, Ryabitsev is working on providing pre-filtered email inboxes for specific subsystems. The Linux Foundation continues to fund work on the public-inbox archive system that underlies lore. There is experimental work on an automated "what's new" summary generator that could provide an overview of what is happening in a given subsystem. This feature uses a large language model to generate the summaries, and is "hit and miss" for now, he said.

There are early trials underway to provide development-forge services using Forgejo; nothing is publicly available yet.

What Ryabitsev wanted more than anything else was to find out if the maintainers in the room support the work that he is doing. Along with everything described above, that work includes maintaining the lore email archives, writing workflow documentation, helping new maintainers get started with the tools and processes, deploying new services, and maintaining the kernel keyring. The answer to that question was clear: the development community truly appreciates this work, and would like to see a lot more of it.

As things wound down, Leemhuis said that he would like to get his regzbot regression-tracking tool on the list of supported systems. It can do things that bugzilla cannot, he said, including monitoring outside trackers for information on regressions. There was some unfocused talk on the maintenance of the patchwork system and whether it still needs to exist. Ts'o asked for an authentication mechanism that would allow automated systems (such as continuous-integration testers) to get past kernel.org's increasingly fortified bot defenses.

At the close of the session, Ryabitsev said that he was happy to continue working to support the community, but that he could use more help. Keeping the email archives going, in particular, is a surprisingly labor-intensive task that makes it hard to get anything else done.

Index entries for this article
Kernel	Development tools
Conference	Kernel Maintainers Summit/2024

to post comments

GDPR

Posted Sep 23, 2024 22:23 UTC (Mon) by SLi (subscriber, #53131) [Link] (14 responses)

> Using a bug submitter's address to include them in email conversations is thus a GDPR violation, and evidently somebody has complained. Linus Torvalds said that there needs to be a public notice on the bugzilla site that email addresses are public.

While I'm sympathetic to requiring public email addresses for this, I'm not sure this works legally this way. Generally, GDPR is pretty resistant to services just opting out of it by a notice. T&C to claim you gave the right to whatever the service wanted was the situation before GDPR, and I'd consider it perhaps _the_ main point of GDPR that a consent to process personal information is not considered freely given (and thus valid) if being allowed to use the service is tied to giving the consent.

I'm not 100% convinced there's a major GDPR problem to begin with there, but if there is, it's unlikely it can be cured by inserting a note, especially where other workarounds like giving the submitter a bugzilla email address are possible.

GDPR

Posted Sep 24, 2024 7:26 UTC (Tue) by Wol (subscriber, #4433) [Link] (10 responses)

> I'd consider it perhaps _the_ main point of GDPR that a consent to process personal information is not considered freely given (and thus valid) if being allowed to use the service is tied to giving the consent.

Exactly that. The other point to bear in mind, is that the data is not being used for the purpose that consent was granted. If I file a bug, I *may* want to know about progress on the bug. There needs to be a tick box I can opt in/out on, and then GDPR is satisfied.

What this sounds like is that bug reports are being sprayed around in the expectation they will hit a relevant maintainer. That's a completely different consent requirement (which is presumably GDPR-compliant if the recipient actually is a maintainer) and is satisfied because you need to receive those emails to do your job as a maintainer.

Address the bug-reporter/maintainer dichotomy, and GDPR will disappear as a problem.

Cheers,
Wol

GDPR

Posted Sep 24, 2024 8:46 UTC (Tue) by Karellen (subscriber, #67644) [Link] (9 responses)

> If I file a bug, I *may* want to know about progress on the bug.

Doesn't a bug submitter need to be contactable to:

a) ask follow-up questions about how to reproduce the bug, or the environment the bug occurs in, if the maintainer cannot reproduce the bug from the steps given in the report?

b) ask the reporter to try various actions to help the bug manifest differently/show up more reliably/be worked around until a complete fix is developed?

c) ask the reporter to test proposed bug fixes

d) have the reporter confirm that the bug is fixed and can be closed, when the devs think they've got it.

Otherwise, isn't there a danger of a lot of bugs being closed with "WFM" or incomplete fixes? And isn't being able to contact a bug submitter part of providing the service of a bug tracker, and should easily fall under "To fulfill contractual obligations with a data subject" or "For the legitimate interests of a data controller"?

GDPR

Posted Sep 24, 2024 12:56 UTC (Tue) by SLi (subscriber, #53131) [Link] (8 responses)

Maybe, but since bugzilla knows their email address, there certainly are not-so-difficult arrangements where they can be contacted through the bugzilla. The divulging email address thing sounds purely like a convenience thing around which it sounds like there are many different ways.

GDPR

Posted Sep 24, 2024 13:09 UTC (Tue) by Wol (subscriber, #4433) [Link] (7 responses)

Reading the article again, it seems that the idea is to take "here's my email addy if you need to contact me", and broadcast it on a mailing list or whatnot. Imho that is a clear GDPR violation, and no a notice saying "the email addy you had to provide is public information" is likely just to get bugzilla into serious legal hot water.

At an absolute minimum, any addresses scraped that way would HAVE to be bcc'd, with a clear warning (probably at the top of the email) saying that by replying you are making your addy visible to everyone else on the list.

It's a pain having to work around this, but it shouldn't be that hard. There's no need to spray email addresses about in full view, so DON'T. As a previous poster said, you can't demand an email address and just assume it's public info. And you need to make it quite clear that participating in a discussion means you can expect others to want to reply to you ...

GDPR is about respecting other peoples' privacy. Don't out them without permission. If they out themselves, that's fine.

Cheers,
Wol

GDPR

Posted Sep 24, 2024 13:16 UTC (Tue) by mricon (subscriber, #59252) [Link] (4 responses)

The bugspray bot does not disclose the email address of the submitter, if the bug was opened via bugzilla itself -- so this discussion is kinda moot. E.g. here is the email thread it generates:
https://lore.kernel.org/linux-mmc/20240922-b218821c6-a6dc...

The original submitter is notified when the bug is updated, which does not disclose their email address.

-K

GDPR

Posted Sep 24, 2024 13:23 UTC (Tue) by Wol (subscriber, #4433) [Link] (3 responses)

> The bugspray bot does not disclose the email address of the submitter, if the bug was opened via bugzilla itself

Ah. So a storm in a teacup based on false assumptions ... How unusual :-)

Cheers,
Wol

GDPR

Posted Sep 24, 2024 15:06 UTC (Tue) by SLi (subscriber, #53131) [Link] (1 responses)

I thought the problem here is that some developers want to take things out of bugzilla to mailing lists, and for that reason "need" (read: want) the email addresses to be extractable from bugzilla.

GDPR

Posted Sep 24, 2024 15:42 UTC (Tue) by Wol (subscriber, #4433) [Link]

And as long as the bugzilla addresses are bcc'd by default (and not subscribed to the mailing list), that shouldn't be problematical. Impolite, borderline rude, but not a serious problem. If the reporter chooses to reply (and broadcast), then that's down to them.

Cheers,
Wol

GDPR

Posted Oct 4, 2024 7:35 UTC (Fri) by knurd (subscriber, #113424) [Link]

>> The bugspray bot does not disclose the email address of the submitter, if the bug was opened via bugzilla itself
> Ah. So a storm in a teacup based on false assumptions ... How unusual :-)

And I would call that a false assumption. ;-) Mainly for two reasons:

* For some subsystems bugzilla automatically CCs mailing lists; for those bugzilla currently exposes the email address of each commenter; see https://lore.kernel.org/all/?q=f%3Abugzilla-daemon for some examples.

* bugspray to my (maybe out of date) knowledge cannot be used for many bugs without changing the component/product field in bugzilla -- which some maintainers rely on, so it's best to not fiddle with that.

Ciao, Thorsten

GDPR

Posted Sep 24, 2024 15:03 UTC (Tue) by SLi (subscriber, #53131) [Link] (1 responses)

Yeah, I would agree (as I said in my original comment): I'm not sure there's a huge GDPR issue here, but if there is, I'm not sure the proposed solution works :)

GDPR

Posted Sep 24, 2024 15:05 UTC (Tue) by SLi (subscriber, #53131) [Link]

Oops, I misread your comment, in several ways. What I said above probably makes no sense :D

GDPR

Posted Sep 25, 2024 0:44 UTC (Wed) by schuyler_t (guest, #91921) [Link] (2 responses)

The Linux Foundation is a US domiciled foundation. Why don't they just ignore GDPR?

GDPR

Posted Sep 25, 2024 1:08 UTC (Wed) by Wol (subscriber, #4433) [Link]

I don't know exactly how consequences would be enforced, but if Google does what it's told despite being a huge American corp, I suspect it would be nice and easy to make LF do as they're told.

If the US thinks it's perfectly okay to extradite European citizens for doing stuff - in Europe - that is perfectly legal under European law, then the EU will have no qualms about clobbering US citizens for for doing things to Europeans that are illegal in Europe. Do we really want Linus afraid to return to Europe for fear of being arrested and heavily fined or jailed? Especially since he is a European citizen!

The easy approach would simply be to seize any European domain names, and order all European-based DNS servers to block queries for the IP address. Yup, that's easily got round for people who want to, but then the simple act of getting round the restrictions is a pretty active opt-in to letting the Americans (ab)use their data. At which point there can't be a GDPR violation :-)

Cheers,
Wol

GDPR

Posted Sep 25, 2024 6:05 UTC (Wed) by corbet (editor, #1) [Link]

The Linux Foundation has many European members and many dealings in Europe, including having just run a series of conferences there. Ignoring European law is not going to be an option for an organization like that.

Keep the subsystem components, have bugspray set them properly

Posted Oct 3, 2024 12:31 UTC (Thu) by Conan_Kudo (subscriber, #103240) [Link]

Since bugspray can look at a report and try to figure out which subsystems are involved, Ryabitsev is thinking about removing all of the various subsystem components from the bugzilla server. Many of those components have not been used in years, but it is hard to tell which ones are active, and users can have difficulties choosing the correct one. Instead, users would just file bugs for the kernel and the bot would figure it out.

I think the subsystem components are valuable, especially since they can be configured to notify the right people by being synced from the MAINTAINERS file. If we just tell users to file to a general category, and then once the bug is read, it can move it to the appropriate subsystem, that would be tremendously valuable.