Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py
To: "Wang, Jian J", "devel@edk2.groups.io", "dwmw2@infradead.org", "Lu, XiaoyuX"
Cc: "Ye, Ting", Richard Levitte
References: <1560928761-1867-1-git-send-email-xiaoyux.lu@intel.com> <821c1ef9bf8ae42b60627876b696a86cde1f6f84.camel@infradead.org>
From: "Laszlo Ersek"
Message-ID: <59b1f136-e1dd-257c-e45a-001358605b60@redhat.com>
Date: Mon, 24 Jun 2019 21:54:18 +0200

On 06/21/19 10:37, Wang, Jian J wrote:
> Hi David,
>
>
>> -----Original Message-----
>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of David
>> Woodhouse
>> Sent: Friday, June 21, 2019 6:34 AM
>> To: devel@edk2.groups.io; lersek@redhat.com; Lu, XiaoyuX
>>
>> Cc: Wang, Jian J ; Ye, Ting ;
>> Richard Levitte
>> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude
>> err_all.c in process_files.py
>>
>> On Thu, 2019-06-20 at 16:46 +0200, Laszlo Ersek wrote:
>>>> Please submit a PR to OpenSSL to add 'no-store' if you really don't
>>>> want it.
>>>
>>> I actually agree about "no-store"; please see point (1) in my earlier
>>> review here:
>>>
>>> http://mid.mail-archive.com/0c5b5e95-cb2c-75af-a30b-015dac14b91c@redhat.com
>>
>> Hm, you told them to use no-store, and I think you were right. They
>> seem to have refused purely because of the piffling detail that it
>> didn't actually exist. I find this suboptimal. Here:
>>
>> https://github.com/openssl/openssl/pull/9206
>>
>
> Thanks for the PR. +1
> And I agree adding the 'no-store' is the right way to fix
> this issue. But the problem here is that we fixated the openssl to one
> release tag. We don't change it until we upgrade it to a newer release.
> That means any fixes in openssl trunk cannot be used by edk2 immediately,
> not to mention there's possibility that the PR will be rejected. So there's
> always a lag (maybe a quarter or half year, at least) here.
>
> We have also product release pressure which cannot afford quarters of
> waiting for such kind fixes in upstream.
>
> My personal opinion is that, we fix any issue, if we can, in edk2 immediately
> for current version of openssl (as workaround), and try to fix it in upstream
> for future release at the same time. Once upstream has fixed the issue and
> edk2 has decided to upgrade to it, we drop the workaround in edk2. We can
> file BZ to track such kind of works.
>
> For this patch, I suggest we still push it. We can drop it and use real fix once
> we decide to upgrade openssl future release including your PR.

Right, in the most recent particular case, the time pressure to get
stuff into usable-at-all state, for edk2-stable201905, was huge.

I agree that "reminder BZs" (about backing out temporary downstream
fixes) is the way to go. Example:

https://bugzilla.tianocore.org/show_bug.cgi?id=1897

Thanks
Laszlo