A question I've had on my mind for a while:
In the Linux kernel, what is the reason to have a "subsystem trees" model instead of a central tree with one main branch and one "next" branch?
Is it only so that Linus Torvalds can reject changes before they land, and to make it less technically complex to enforce that kernel.org servers can't modify code releases?
@karolherbst yeah, I guess my point is that, for the code you showed, a C compiler would be well within its rights to refuse to build that code or complain about it, so this is not entirely the language's fault
@karolherbst but apparently gcc has decided to not treat it as UB, except when using UBSAN: https://gcc.gnu.org/onlinedocs/gcc/Integers-implementation.html
@karolherbst I think that's UB? see C99 6.5.7 "Bitwise shift operators" - the LHS is signed and the result of the computation is not representable in the result type
@alexanderkjall I mean... it is normal that, as a security researcher, when you find a security bug, you contact the upstream vendor, and can expect that to result in the issue being handled appropriately (for example, because the project notifies their downstreams about the issue, or because downstreams generally pick up all patches fast, or because propagation of fixes is ensured through a mechanism like CVEs).
To my knowledge, there is no such mechanism between Linux and most distros, unless the distro just always ships the latest stable kernel; I think that is a process issue, not the security researcher's fault.
When I report Linux kernel security bugs, I, too, just send the bug report to security@kernel.org and the maintainers, not to the third-party linux-distros list.
