From: "H. Peter Anvin"
Date: Thu, 22 Apr 2021 00:06:20 -0700
Subject: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches
To: Tomasz Figa, Christoph Hellwig
CC: Roland Dreier, Steven Rostedt, James Bottomley, ksummit@lists.linux.dev
References: <20210421152209.68075314@gandalf.local.home> <20210422055948.GA4171859@infradead.org>
X-Mailing-List: ksummit@lists.linux.dev

And *that* is the fundamental problem here. Pen testing without permission is at best unethical, and often illegal.

On April 21, 2021 11:28:25 PM PDT, Tomasz Figa wrote:
>On Thu, Apr 22, 2021 at 15:01, Christoph Hellwig wrote:
>>
>> On Wed, Apr 21, 2021 at 12:32:33PM -0700, Roland Dreier wrote:
>> > I also think there does need to be a strong sanction against this UMN
>> > research group, since we need to make sure there are strong incentives
>> > against wasting everyone's time with stunts like this. Hopefully on
>> > the academic side it can be made clear that this is not ethical
>> > research - for example, why did IEEE think this was an acceptable
>> > paper?
>>
>> I wholeheartedly disagree. Demonstrating this kind of "attack" has
>> been long overdue, and kicked off a very important discussion. Even
>> more so as in this area malice is almost indistinguishable from normal
>> incompetence. I think they deserve a medal of honor.
>>
>
>Agreed with Christoph. We are talking here about a critical piece of
>the software that is the foundation of security of the whole system.
>That we have a problem with the volume of reviews has been a topic on
>various conferences since years and my experience is that it hasn't
>really improved. As a part of my Chromium work, I often find upstream
>code with issues that make me really concerned about the quality of
>the review it received. Not saying it applies to all subsystems of
>course, but not limited to single special cases either.
>
>That said, I think UMN should have done this in a more ethical way.
>For example, someone from the kernel community could have been
>involved as a supervisor, to prevent things from running out of
>control and ending up as real exploits and also to facilitate a
>clean-up after the experiment ends. Also the fact that they are
>denying this now is concerning.
>
>Best regards,
>Tomasz

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.