[Libre-soc-dev] maybe get ryzen 7950x for faster compilation and avx512

Jacob Bachmeyer jcb62281 at gmail.com
Wed Sep 28 02:18:14 BST 2022


Jacob Lifshay wrote:
> On Tue, Sep 27, 2022 at 4:41 PM Jacob Bachmeyer via Libre-soc-dev
> <libre-soc-dev at lists.libre-soc.org> wrote:
>   
>> You are also in a very obscure niche.  How many people, other than the
>> major active participants, are likely to even run the
>> simulations/analyses in the first place, much less be able to understand
>> the results and recognize a problem?  Would an issue found by someone
>> outside the project but (due, in this hypothesis, to subversion) not
>> reproducible on the project's machines be taken seriously?  Or would it
>> simply be closed as "WORKSFORME"?
>>
>> OpenSSL is another FOSS project.  How long did Heartbleed go unnoticed?
>>     
>
> OpenSSL is not a good example because there were no tests for
> Heartbleed, whereas we do have formal proofs (they automatically cover
> all corner cases if written correctly; OpenSSL did not have formal
> proofs that could have caught Heartbleed) and unit tests that can be
> relatively easily run by others.

None of that matters if no one who can understand the issue actually 
looks at it.  Heartbleed would not have required tests or formal proofs 
to discover -- it was right there in the code.  No one looked at it, 
until someone did and all hell broke loose.

There is /no/ guarantee that anyone other than the author will ever look 
at FOSS code.  Sure, anyone /could/ inspect the code, and this helps to 
keep honest people honest and raises the chance of a malicious actor 
getting caught, but it is /not/ a guarantee.

How long does the testsuite run in a session?  The more time that 
requires, the lower the chance that any random bystander outside of the 
project will actually run it.  How complex is the setup to run it?  The 
more complex it is, the lower the chance that person will actually 
believe their own results when the "official" results are that 
everything is fine.

Do not count on bystanders to detect subversion in your project.


-- Jacob



