Solution to problems related to Linux kernel code reviewer shortage
Operating system security is now the most important thing, and Linux is a main part of that discussion. One of the first problems to be solved is: how do we determine that a patch submitted upstream has been code-reviewed?
Wolfram Sang has been a Linux kernel developer since 2008. He often speaks at Linux summits in various regions; at the 2016 Berlin Linux summit, he proposed how to improve kernel development practices.
Let's look at his point of view.
In 2013, you reminded the ELCE committee in Edinburgh that if no change was made, the potential and other controversial issues of the subsystem would gradually expand. Have they changed? Did the events you mentioned happen?
Yes, to some extent. Of course, the Linux kernel is a project composed of many components. Therefore, more attention should be given to Linux subsystems in a more important position. However, there are too many subsystems "just one piece in the puzzle", so the potential problems of these subsystems have not been solved.
You have pointed out that code reviewers are a big problem. Why do you think the Linux kernel development community does not have enough code reviewers?
One of the reasons is that most developers only write code, but do not read much code. There is nothing wrong with this, but it shows that not everyone is a code reviewer, so we should really encourage everyone to review the code.
The other thing I see is that when we ask people to join our community, the most important assessment is the number of patch contributions. I personally think this is normal, and it is a good practice in the initial stage when the total contribution is small. However, as more and more people, especially companies, join us, we have encountered source code review problems. But don't misunderstand. It's great to have a considerable contribution. However, it should be pointed out that participating in the community has more connotations, such as how to take responsibility for the next development. Some parts are being improved, but not enough.
Do you think training or review incentives would help to get more code reviewers?
My main point is to point out that there are still problems. Yes, we have done well so far, but it does not mean that all of them are doing well. We also have problems with expansion. To let people understand the facts, we hope that some groups will be interested and involved. However, I don't think we need special training. Some of the code reviewers I am familiar with are very good or talented, but there are too few of these people or they have too little free time.
The first is to have this kind of internal motivation. As for others, it is very good to learn while doing. This is one of the advantages I want to point out: Review patches can make you a better code developer.
In your opinion, is there a popular large project that is doing well in expansion and can be used for reference?
I really don't know that there is such a project. If so, I can learn from it at any time.
I am very focused on the Linux kernel, so there may be some bias. However, in my opinion, Linux kernel projects are really special in terms of scale, contribution, and diversity. So when I want to find another project to find inspiration to improve the workflow, it's a normal idea. At present, our expansion problem is really special. And I found that it is a great method to see what other subsystems do in the kernel.
You once said that security issues are something that everyone should think of. What should users do to avoid or improve security risks?
At this year's (2016) Berlin Linux summit, my conversation was aimed at the development layer. Security risks may come from patches that are not correctly reviewed. I don't want users to solve this problem themselves, but I hope these security problems will never happen. Of course this is not possible, but it is still my first choice to solve the problem.
I'm curious about how this huge community can improve these problems. Do you have some types of error reports that you want users to submit regularly in the form of files? Which of the following areas do I not notice for some reason?
We do not lack error reports. I am worried that, due to the shortage of code reviewers, the patches are incomplete, resulting in more error reports. Therefore, not only do you need to handle a large number of contributions, but you also need to handle more errors or roll back versions.
Do you want our readers to know more about your efforts?
I often remember the particularity of the Linux kernel. It is just code at the underlying layer.
From: https://linux.cn/article-7905-1.html
Address: http://www.linuxprobe.com/solve-linux-shortages.html