[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Clarifying the state of ARINC653 scheduler (and other components) in Xen 4.5 and beyond



>>> On 08.06.15 at 22:59, <dario.faggioli@xxxxxxxxxx> wrote:
> On Mon, 2015-06-08 at 14:01 +0100, Lars Kurth wrote:
>> > On 8 Jun 2015, at 13:19, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
>> > 
>> > In MAINTAINERS S: Supported means:
>> > 
>> > "Someone is actually paid to look after this.", which I think is
>> > distinct from "This works well enough that the project is happy to
>> > recommend it is used in production". It's a shame that Supported can be
>> > taken to mean both things.
>> > 
>> > For reference Maintained is "Someone actually looks after it.".
>> > 
>> > Alternatively if someone can think of another way to express "paid
>> > maintainer" we could switch to that.
>>
>> And then there is of course the question what we do with ARINC653. 
>> 
> Not sure we actually need to do something. The status in MAINTAINERS is
> consistent with the existing semantic, as there's actually people
> actively looking after the scheduler (and paid to do so, AFAIK).
> 
> Wrt the wiki page, the best way of capturing the state of things is,
> basing on what's in there for the other schedulers, 'Supported' there
> too. The scheduler has a very limited scope, and is useful only in a
> handful of situations, and that's by design. But for those situations it
> works pretty well, AFAIK.
> 
> Moreover, there is people in the community providing help to interested
> users on how to set it up (there has been a thread on xen-users about
> this rather recently).
> 
> Whether we should recommend to use it in production, well, I think we
> could, of course for those people and only for them having a requirement
> for compliance with the ARINC653 standard, which certainly is not the
> most common thing around.

But you understand that one primary aspect of whether something
is to be considered supported is whether that code, if found to be
flawed, may end up triggering security advisories? I.e. apart from
people looking after it and people using it (or showing interest to do
so) we also need to be convinced that the code quality is good
enough. The situation of tmem (also marked Supported in
./MAINTAINERS) is the prime example of when that's not
(recognizably) the case. And the bug report (that luckily didn't need
to result in an XSA for other reasons) leading to
http://lists.xenproject.org/archives/html/xen-devel/2015-06/msg01018.html
shows that the code may not have got audited from a security
perspective.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.