Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3063567imu;
        Mon, 17 Dec 2018 12:37:14 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VcqDNa3Ci9QxHEVhbbF5aaW3c87Lj6HIACOcbIPITtew//ckiu8eodZJAJOZSajplmWMrt
X-Received: by 2002:a17:902:5ac7:: with SMTP id g7mr14208537plm.212.1545079034808;
        Mon, 17 Dec 2018 12:37:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1545079034; cv=none;
        d=google.com; s=arc-20160816;
        b=SuSjOBp9aZKMv+/JqoDrudhrdrTjH3U5B5+AVN6jHQh1CJ+4yuQypmM3EGh/adjtLU
         KkEpY79NLjLtlrXmUfz0WHO9jJP9+Equrs67ViSBRrYF/rJdgMroa4/6kcwBAVIC1RO4
         0WoRwTvII7KiURNP9QckT3p3aYffu2i8sC7aQ4OV49xe1HGQMcK+Bj2wOnb1aMFRSCwo
         S9+NHikRJ8OzUIaU29iTY+JkQGvoLexCCUSbOIiJCNBYZ4oA7pEF0A85YoA2KCDrjUXS
         YX77RDrDfDpW8o9vEvT6Vq0T24Mg6eHDhyM9ifDB/uz+/+N0mXY+oZwHCpx1T8NMfdZd
         h7Vg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=iqN/4+zeAD7+0ew2xLObnXhaVf+t/pWLi+l6M6SR5M8=;
        b=N1jvDVf0T5Y43CKDPvSQ1ER9UA6ul9o3ctoNuR1dhe/D7nxV1XXz4cc2bd1h5YAKmr
         ZJgiTmj1Kv8ZwWtF2/W8P6ygFNKm7Dynp1SMQ+pawaT4/ORB5bawFLXFIPwW5LOTVBPc
         +DrzzqkgUd5pBMazeaJnmlyeRjRSuYs7dS7t1GVQfWXavxnDS+SnPDmxft8/Nab5F5Tx
         qW5doEhn4/rkSANYMMBL2k4jfOMIJtI4+kjsV8wF84HE3qCVYUalWGACwr4gkoseIp5B
         nqLrvj4+kBcE5xmjSvT143ylLHKROqLPT1jUz5iEMoQYVF/vcJUtUyo02F5aPEEb6+XH
         GvlQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="Ge/+p+eV";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u129si12140454pfu.117.2018.12.17.12.36.59;
        Mon, 17 Dec 2018 12:37:14 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="Ge/+p+eV";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388110AbeLQTPx (ORCPT <rfc822;kernelgary@gmail.com>
        + 99 others); Mon, 17 Dec 2018 14:15:53 -0500
Received: from mail.kernel.org ([198.145.29.99]:34418 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726914AbeLQTPw (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Dec 2018 14:15:52 -0500
Received: from gmail.com (unknown [104.132.1.77])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 775C4206A2;
        Mon, 17 Dec 2018 19:15:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1545074151;
        bh=ipw6pMGhfZ10FRBMGcEI9WjPDkqY+T48T7fTF8qSQ1g=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=Ge/+p+eVDXqvaGgs6z3iLICRc8xXnpqCZdWBFGWKHhc3qBbhvexrFq+ztHsb73IdR
         WKsKyGYrK1/qiLchXLAjj58LWXgaNY+BboMuXOM01dTnq+5uvb3zEl8nHML2WdXe0h
         dz5iv2BqtzMbsUtVgG9nQXQ+3B1fL/ntYXdaSQJ8=
Date:   Mon, 17 Dec 2018 11:15:50 -0800
From:   Eric Biggers <ebiggers@kernel.org>
To:     Christoph Hellwig <hch@infradead.org>
Cc:     "Theodore Y. Ts'o" <tytso@mit.edu>, linux-fscrypt@vger.kernel.org,
        linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
        linux-f2fs-devel@lists.sourceforge.net,
        linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
        Jaegeuk Kim <jaegeuk@kernel.org>,
        Victor Hsieh <victorhsieh@google.com>,
        Chandan Rajendra <chandan@linux.vnet.ibm.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v2 01/12] fs-verity: add a documentation file
Message-ID: <20181217191549.GB141684@gmail.com>
References: <20181101225230.88058-1-ebiggers@kernel.org>
 <20181101225230.88058-2-ebiggers@kernel.org>
 <20181212091406.GA31723@infradead.org>
 <20181212202609.GA193967@gmail.com>
 <20181213202249.GA3797@infradead.org>
 <20181214051722.GF20880@thunk.org>
 <20181217165231.GB18626@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181217165231.GB18626@infradead.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Christoph,

On Mon, Dec 17, 2018 at 08:52:31AM -0800, Christoph Hellwig wrote:
> [FYI, your mail never made it to my inbox, although I found the copy
> in linux-fsdevel now]
> 
> On Fri, Dec 14, 2018 at 12:17:22AM -0500, Theodore Y. Ts'o wrote:
> > I don't consider fs-verity to be part of core VFS, but rather a
> > library that happens to be used by ext4 and f2fs.  This is much like
> > fscrypt, which was originally an ext4-only thing, but the code was
> > always set up so it could be used by other file systems, and when f2fs
> > was interested in using it, we moved it to fs/crypto.  As such the
> > fscrypto code never got a review from Al, Andrew, or you, and when I
> > pushed it to Linus, he accepted the pull request.
> 
> And as a result we are stuck with a pretty bad interface, so this is
> a very good example for how to not do thing!  Just because a user
> interface is only implemented by one or two file systems doesn't mean
> it should skip the userspace ABI review, because we tend to generalize
> them unless they are deeply specific to fs internals.
> 

While I do have some improvements planned for the fscrypt interface,
specifically how encryption keys are managed [1], the issues are subtle enough
that I don't think there's any chance they could have been gotten "right" the
first time around, even if lots more people had reviewed it.  It took me over a
year working with fscrypt to put together my proposal for how to improve things,
and it was only really possible because I was able to consider all the people
actually using fscrypt and what problems they are having, if any.

Even so, the current fscrypt interface is actually good enough that there still
hasn't been much real interest in getting my proposed improvements merged yet.
(Not surprisingly, they've also been completely ignored by all the "VFS people"
you say should be reviewing this stuff...)

So for fscrypt I personally don't think that waiting would have changed much in
practice, besides ensuring that users wouldn't have any solution at all.

[1] https://lwn.net/Articles/737274/

- Eric