RFC: adding fd-passing to win32

David Rheinsberg david.rheinsberg at gmail.com
Thu Aug 18 10:25:16 UTC 2022


Hi

On Tue, 9 Aug 2022 at 21:12, Thiago Macieira <thiago at kde.org> wrote:
> On Tuesday, 9 August 2022 10:32:42 PDT Simon McVittie wrote:
> > On Tue, 09 Aug 2022 at 21:00:42 +0400, Marc-André Lureau wrote:
> > > Well, how did we introduce 'h' in the first place? It didn't exist before
> > > 0.13 or something. Was that so problematic, can you point me to related
> > > issues?
> > CVE-2020-12049, CVE-2014-3637, CVE-2014-3636, CVE-2014-3635, CVE-2014-3533
> > and CVE-2014-3532, for a start...
>
> That was after adding the full functionality, which meant adapting the code
> that used it to support an extra D-Bus type. There are code generators to deal
> with, XML parsing, unit tests, etc.
>
> It's NOT trivial.

[...]

> [...] you'll first need to start with a spec update and you'll
> need to convince people like Simon and myself, who don't have as
> extensive Windows knowledge, that it is needed (and this thread
> is pointing that we aren't getting convinced).

Why is it so hard for the D-Bus community to welcome external
contributions, to encourage people to work on specification updates,
to support development efforts? Is this how we react to contributors
showing their prototypes? This thread has been very disappointing to
me.

Why has no list maintainer publicly replied to the suggestion to `work
on this elsewhere` and `[not] call it "D-Bus"`? Is that an acceptable
style of communication in the D-Bus community?

Why do we shower contributors in CVEs when they ask whether something
was problematic? Bugs happen, security problems happen, how is this a
good explanation for something being "problematic"? If it was
problematic, can't we tell them why, rather than showing the bugs _our
implementation_ had? CVE-2014-3635 is literally about a buffer
overflow, how is this relevant other than accidentally being in the
code that handles fd-passing?

Why do we so strongly discourage specification updates? Why always
talking about how hard something is, how much effort it is, how much
"convincing" is needed? I acknowledge that specification changes need
agreement across many parties, but why frame it as an argument against
working on something? Especially if the contributors hint that they
are ok with that extra effort?
I don't say adding 'H' is the way to go, but why is `it is a lot of
work` used as an argument, rather than just as a heads-up to the
contributor?

Why can't we encourage contributors more? Why can't we be more
welcoming, assisting? Tell them we acknowledge their work, and we
appreciate it? And if we don't have the time for welcoming
communication, why not just refrain from commenting at all?

I am devastated by the state of this community. There is so little
life left, so little enthusiasm. I am thankful for the maintenance
work, the occasional user Q/A on this list, but I don't feel like this
is a welcoming place anymore. When we published `bus1`, we heard
"[disappointed] to have read about this for the first time on LWN, and
not on the D-Bus mailing list". I feel even less motivated to post
here today than back then.

David

