Stale pages: FAQ/VariousKernelTrees OutreachyfirstpatchSetup

Duncan 1i5t5.duncan at cox.net
Fri Oct 21 20:48:47 EDT 2016


[I'm not subscribed.  Please CC me on followups.]

Two points:

1) The FAQ/VariousKernelTrees page is embarrassingly outdated with a
last update in 2007 and still referring to 2.6.* as current, while both
it and 3.x are arguably now historical status.

2) I actually followed a link to kernelnewbies from kernel.org, while
looking for current recommendations on /secure/ git remote URLs -- it
occurred to me that I really should replace my current git:// fetches
with something more secure, and I wondered what was current
best-practice. While rather less technical than most of the material
covered here, it seems neither kernel.org nor kernelnewbies.org has an
immediately obvious (including in the FAQ, at least that's immediately
obvious) link to a discussion of something so basic.

kernel.org does list https://git.kernel.org , but there's no real
discussion or recommendation of https vs. less secure protocols,
pointing out that git:// (apparently) isn't secure or indication of
whether the obvious gits:// will or won't work, and no indication that
the just as prominently listed rsync:// url (apparently) isn't secure
either, let alone any distinction in terms of what's available,
releases vs live git tree, between the three listings there
(http/git/rsync).

kernelnewbies.org does appear to have some basic instructions on the
OutreachyfirstpatchSetup page, but there are three problems with that:

a) Outreachy isn't immediately obvious as where one should look for
this.  I thought the front page outreachy link was to some
organizational blurb (for all I know it is as I followed a more
convoluted path to the above page), not a howto, and in terms of the
patches part, I already know how to apply patches but am more
personal systems admin and git kernel builder/tester/bug-reporter than
coder so don't really generate patches for more than private use, and
simply wanted information on updating my git pull URLs to something more
secure.

b) The staging tree might not be the best example for true kernel git
sources newbies, mainline is arguably a better one.

c) The example again appears dated and insecure, using the git://
protocol that the git-fetch manpage's GIT URLS discussion specifically
warns should be used with caution on unsecured networks like the
general internet, because it does no authentication and is /not/
secured.


FWIW, I'm going with the https://git.kernel.org link for now, but
thought it worth the trouble to at least post this as someone who can
do something about it definitely needs to update (or delete if not
considered worth the trouble to update) those two pages at least, and
possibly provide a more obvious basic mainline kernel git setup link on
the front page, as well.  Because right now they're just adding to the
huge pile of outdated and now actively security-dangerous advice
about Linux out there on the net.

-- 
Duncan - No HTML messages please; they are filtered as spam.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
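
The change the message asks about, moving existing remotes off git:// and onto https://, as an added example that is not part of the original post or of kernel.org's own documentation. The function names `secure_url` and `audit_remotes` are hypothetical, the sample URLs are constructed, and it assumes the host serves the same repository path over https.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: the host serves the same repository path over https
# (true for git.kernel.org); check this before applying to other hosts.

# Print the https:// form of a git:// or http:// URL, pass other URLs
# through unchanged, and return 1 for rsync://, which has no direct mapping.
secure_url() {
    case "$1" in
        git://*)   rest=${1#git://} ;;
        http://*)  rest=${1#http://} ;;
        rsync://*) return 1 ;;
        *)         printf '%s\n' "$1"; return 0 ;;
    esac
    host=${rest%%/*}
    path=${rest#"$host"}
    # Drop an explicit port such as :9418; it does not apply to https.
    case "$host" in
        *']') ;;                      # bare IPv6 literal, no port
        *:*)  host=${host%:*} ;;
    esac
    printf 'https://%s%s\n' "$host" "$path"
}

# Report the insecure remotes of the repository in $1; with "apply" as $2,
# rewrite them in place with git remote set-url.
audit_remotes() {
    repo=$1; mode=${2:-report}
    for name in $(git -C "$repo" remote); do
        old=$(git -C "$repo" config --get "remote.$name.url")
        if ! new=$(secure_url "$old"); then
            printf '%s %s -> (no https mapping, fix by hand)\n' "$name" "$old"
        elif [ "$new" != "$old" ]; then
            printf '%s %s -> %s\n' "$name" "$old" "$new"
            if [ "$mode" = apply ]; then
                git -C "$repo" remote set-url "$name" "$new"
            fi
        fi
    done
    return 0
}

# Constructed sample URLs; this part runs without git or network access.
for u in git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git \
         rsync://mirror.example/pub/ \
         https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git; do
    secure_url "$u" || echo "$u: no https mapping"
done
```

Run `audit_remotes /path/to/linux` to see what would change and add `apply` as a second argument to rewrite the remotes. To cover every clone at once without touching each repository, `git config --global url."https://git.kernel.org/".insteadOf git://git.kernel.org/` makes git substitute the https URL at fetch time.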


