Re: disabling sha1dc unaligned access, was Re: One failed self test on Fedora 29

["Ævar Arnfjörð Bjarmason" <avarab@gmail.com>]

On Mon, Mar 11 2019, Jeff King wrote:

> On Mon, Mar 11, 2019 at 07:15:12PM +0100, Thomas Braun wrote:
>
>> Am 11.03.2019 um 12:58 schrieb Duy Nguyen:
>> > On Mon, Mar 11, 2019 at 10:48 AM Jeff King <peff@peff.net> wrote:
>> >> And AFAIK there is no good way to
>> >> modify the submodule-provided content as part of the build. Why do we
>> >> even have the submodule again? ;P
>> >
>> > Because of dogfooding of course. This is an interesting use case
>> > though. I wonder if people often want to "patch" submodules like this
>> > (and what we could do if that's the case)
>>
>> I usually do the following:
>>
>> - Fork the sub-project
>> - Add a branch with my proposed patches
>> - Update the URL and the commit of the submodule in the super-project
>>
>> This of course requires all users to do
>>
>> git submodule sync
>>
>> which is a bit incovenient, but works.
>
> The problem to me is not that the steps that a developer has to do, but
> rather that we are dependent on the upstream project to make a simple
> fix (which they may not agree to do, or may take a long time to do).
>
> Whereas if we import the content into our repo as a subtree, we are free
> to hack it up as we see fit, and then occasionally pull from upstream
> and reconcile the changes. Changing upstream isn't advisable in the
> general case, but I think makes a lot of sense for small changes
> (especially if you have the discipline to actually get the same or
> similar change pushed upstream).
>
> In this particular case, though, the sha1dc project is pretty
> responsive, so I don't think it's going to be a big deal. It just seems
> like an anti-pattern in general.

There's a at least a couple of aspects to this.

One is whether we should have the submodule in
sha1collisiondetection/. I agree that's probably a bad idea now
per-se. Honestly I wasn't expecting the answer when I submitted the
final patch to switch to it fully to be to the effect of submodules
being too immature for the git project itself to use. So now we're
effectively mid-series, and should maybe just back out.

But the other is the developer social engineering question of how we
strike the right trade-off when we import upstream code.

I fully agree with what you've said in theory, but if we look at what's
happened in practice we as a project are demonstrably not disciplined
enough to manage upstream code like this without overtly perma-forking
it.

E.g. I gave up on updating compat/regex some time ago because of the
various cross-tree patches that had ended up modifying it. Now we can't
just upstream a new engine anymore.

Someone needs to first go through those various modifications, upstream
them one-by-one or prove they're not needed anymore (and many are
portability / obscure compiler fixes, so that's hard...). The
compat/regex isn't unique here, e.g. compat/poll/ is another example of
this.

As far as I can tell none of the people changing that code went through
the process of submitting a parallel upstream fix or seeing if the issue
was fixed upstream and we could just update the code we were carrying,
and of course that gets progressively harder for any one contributor as
our divergence grows.

So even though the theory of the sha1collisiondetection/ submodule +
sha1dc/ code fork is silly, perhaps we've stumbled upon some way where
we at least file an upstream bug for issues we find and fix. As
demonstrated by other such changes that's already leaps and bounds ahead
of what we're usually doing.