Linux creator Linus Torvalds has agreed to include Paragon Software's NTFS3 kernel driver, giving the Linux kernel 5.15 release improved support for Microsoft's NTFS file system. But he also had some process and security lessons to offer developers about how to code submissions to the kernel should be made.
Paragon's NTFS driver will make working with Windows' NTFS drives in Linux an easier task -- ending decades of difficulties with Microsoft's proprietary file system that succeeded FAT.
The addition of Paragon NTFS3 kernel driver follows a prompt from Torvalds in August to go for it and "actually submit" the code so it can be merged into the kernel, telling Paragon that it "should just make a git pull request for it."
As spotted by Phoronix, Torvalds late last week asked Paragon Software again whether the NTFS3 pull request would be submitted for Linux 5.15.
Konstantin Komarov of Paragon Software replied upon Friday with the NTFS3 pull request but did so -- to the dismay of Torvalds -- via Github's web interface.
"This is NTFS read-write driver. The current version works with normal/compressed/sparse files and supports acl, NTFS journal replaying," explained Komarov.
"Most of the code was in the Linux-next branch since Aug 13, but there are some patches that were in the Linux-next branch only for a couple of days. Hopefully, it is ok - no regression was detected in tests."
Via The Register, Torvalds offered Komarov a few pointers on how not to submit pull requests in the future, especially using GitHub's web interface for any code merges into the Linux kernel.
"I notice that you have a GitHub merge commit in there," wrote Torvalds.
He continued: "That's another of those things that I *really* don't want to see - GitHub creates absolutely useless garbage merges, and you should never ever use the GitHub interfaces to merge anything...GitHub is a perfectly fine hosting site, and it does a number of other things well too, but merges are not one of those things."
Torvalds' chief problem with it was that merges need "proper commit messages with information about is being merged and *why* you merge something."
He continued: "But it also means proper authorship and committer information etc. All of which GitHub entirely screws up."
Torvalds also had some pertinent security advice, perhaps useful in light of recent software supply chain cyberattacks that the Linux Foundation wants to address by improving supply chain integrity through tools that make it easier to sign software cryptographically. As Torvalds points out, this is particularly important for new contributors to the Linux kernel.
"For GitHub accounts (or really, anything but kernel.org where I can just trust the account management), I really want the pull request to be a signed tag, not just a plain branch," Torvalds explains.
He continues: "In a perfect world, it would be a PGP signature that I can trace directly to you through the chain of trust, but I've never actually required that. So while I prefer to see a full chain of trust, I realize that isn't always easy to set up, and so at least I want to see an "identity" that stays constant so that I can see that pulls come from the same consistent source that controls that key."