|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
On 09/12/15 01:06, Josh Triplett wrote: > On Fri, Sep 11, 2015 at 11:27:32PM +0200, Laszlo Ersek wrote: >> On 09/11/15 21:30, Josh Triplett wrote: >>> On Fri, Sep 11, 2015 at 05:28:06PM +0200, Laszlo Ersek wrote: >>>> Breaking Debian Wheezy's and BITS's GRUB is also bad, but the former is >>>> very old (and has a clear upgrade path), while the latter is mainly used >>>> by developers (who can learn about the -fw_cfg switch by googling or >>>> asking on the least without huge trouble). In this case I'm leaning >>>> towards OVMF being "bleeding edge" by default. But, I could be convinced >>>> otherwise. >>> >>> I certainly think it makes sense for OVMF to adopt the feature sooner >>> than normal, and I agree that OVMF serves as a test case. But going >>> directly from "not possible to turn on" to "turned on by default", >>> without any period of "off by default but possible to turn on", seems a >>> bit unfortunate. >>> >>> That said, we could certainly fix BITS to use newer GRUB2, and use >>> (and document) -fw_cfg in the meantime. So I won't push *too* hard for >>> changing the default, just mildly. >> >> Okay. If I'll need to send a v2 for any reason, I'll incorporate this. >> If not, then I can post a followup patch later (stating that it's due to >> community feedback). > > Thanks! > >>> On a vaguely related note, what's the canonical place to report bugs in >>> OVMF? >> >> (Bugs? What bugs? :)) >> >> It's this list, <edk2-devel@xxxxxxxxxxxx>. > > There isn't a tracker of some kind? That's unfortunate. I won't disagree with you, but I'll note three things: (1) There isn't much use to a bug tracker if there aren't enough human resources to actually monitor that tracker, and work hard on the bugs. I can offer to monitor this list and work on bugs reported here the best I can. Bug fixing is hard and taxing; for *official* long-term bug tracking, some form of legal relationship is usually necessary. I do take my RHBZs very seriously. (2) OvmfPkg is one platform in edk2. I don't think OVMF / OvmfPkg should have its own separate tracker. And regarding a tracker for the entirety of edk2, there used to be one (still on sf.net), and nobody (no contributor or maintainer) cared. Goto (1). (3) I've seen first hand how Fedora bug tracker entries, Debian bug tracker entries, and upstream QEMU bug tracker entries are handled. Goto (1). As I said, I try to do my best with bugs reported on the list, both in tracking them and in fixing them, as my load allows. > But thanks; I'll send mail to the list when we discover an issue while > experimenting with BITS. Yes, please do that. And thank you. In my experience, other package maintainers (not just us in OvmfPkg) are pretty responsive if you report bugs for their packages on the list, especially if you can narrow it down (bisection, good reproducer etc). > > (Also, if you don't intend to use github's issue tracker, you might want > to turn it off so people don't file things there and expect a response.) That's a very good point. Jordan, can you please disable the issue tracker on github? Thanks Laszlo > > - Josh Triplett > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |