At Thu, 7 Nov 2013 10:47:25 +0000, Mark Brown wrote:
On Wed, Nov 06, 2013 at 09:23:42PM +0100, Takashi Iwai wrote:
Secondly, more importantly, it's end-users who would suffer from the sudden death problem, not the developers. This is the production level, so you can't justify the sudden death. And, with panic() by BUG*(), developers would receive only news that machines are killed without dying messages.
With the sort of systems these things are sold into users don't have any direct access to anything that'd let them trigger problems - the devices are sold as full stack integrated systems and the system integrators don't generally differentiate between what error handling would do and direct failures that much. It is better to handle things gracefully but we need to be realistic about the benefits.
Yes, and think that this is the first step. At least, we can refuse the use of BUG*() in any of merged materials in future. Leaving BUG*() is a bad sign of lazy error handling.
And, actually your vendor-lock assumption doesn't look valid any longer. There are more and more ARM-based systems that can install OS later relatively easily. Most of distros (openSUSE, Ubuntu, Fedora, etc) already provide the installation images, and I know many users of Chromebooks running such. (And I know some of them burned speakers due to the incorrect UCM setup or usage :-)
That is, ASoC is no longer a platform used only for embedded devices that vendors have controls on, but it's deployed in wider fields. There are (and will be more) end-users who are free from the vendor's system. We are still responsible for them.
thanks,
Takashi