From: Julia Lawall <julia.lawall@inria.fr>
To: Roland Dreier <roland@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
ksummit@lists.linux.dev
Subject: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches
Date: Wed, 21 Apr 2021 21:55:09 +0200 (CEST) [thread overview]
Message-ID: <alpine.DEB.2.22.394.2104212150230.20674@hadrien> (raw)
In-Reply-To: <CAG4TOxNOHRexUoKTo7ndViNtss0_BDeh4YCVHexvdQhQWF+vaw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2492 bytes --]
On Wed, 21 Apr 2021, Roland Dreier wrote:
> On Wed, Apr 21, 2021 at 12:22 PM Steven Rostedt <rostedt@goodmis.org> wrote:
> > I have no problem with taking a trivial patch if they are really fixing a
> > bug. I think what needs to be done here is look at the patches that got in
> > that were buggy, and see why they got in.
> >
> > Perhaps the answer is to scrutinize trivial patches more. To me, the only
> > "trivial" patch is a comment fix, or update to documentation. And even
> > then, I spend time reviewing it.
> >
> > If you don't have time to review a patch, then by all means, don't accept
> > it. Perhaps the answer is simply have a higher bar on what you do accept.
> >
> > There are a few people that I will accept patches from with out review. But
> > anyone else, I scrutinize the code before taking it in.
>
> I agree with this. And indeed to me perhaps what needs to be
> calibrated is our definition of a trivial patch.
>
> If someone sends a patch that changes "speling" to "spelling" in a
> comment, then I think that's fine to apply without much scrutiny. If
> someone sends a patch that changes reference counting on an error
> path, then that absolutely needs to be looked at to ensure
> correctness. There are enough people sending wrong patches without
> even thinking about malicious actors.
>
> I also think there does need to be a strong sanction against this UMN
> research group, since we need to make sure there are strong incentives
> against wasting everyone's time with stunts like this. Hopefully on
> the academic side it can be made clear that this is not ethical
> research - for example, why did IEEE think this was an acceptable
> paper?
The author's web page (https://www-users.cs.umn.edu/~kjlu/) says:
On the Feasibility of Stealthily Introducing Vulnerabilities in
Open-Source Software via Hypocrite Commits
Qiushi Wu, and Kangjie Lu.
To appear in Proceedings of the 42nd IEEE Symposium on Security and
Privacy (Oakland'21). Virtual conference, May 2021.
★ Note: The experiment did not introduce any bug or bug-introducing
commit into OSS. It demonstrated weaknesses in the patching process in a
safe way. No user was affected, and IRB exempt was issued. The experiment
actually fixed three real bugs. Please see the clarifications.
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
He's on the program committee of the conference for next year...
[I'm just providing information, not implying that I agree with it]
julia
next prev parent reply other threads:[~2021-04-21 19:55 UTC|newest]
Thread overview: 153+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-21 18:35 [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches James Bottomley
2021-04-21 18:46 ` Christian Borntraeger
2021-04-21 18:51 ` Alexey Dobriyan
2021-04-21 18:53 ` Christian Borntraeger
2021-04-21 19:06 ` Al Viro
2021-04-21 19:14 ` James Bottomley
2021-04-21 19:22 ` Steven Rostedt
2021-04-21 19:26 ` Kees Cook
2021-04-21 19:32 ` Roland Dreier
2021-04-21 19:55 ` Julia Lawall [this message]
2021-04-21 20:28 ` Stephen Hemminger
2021-04-21 20:37 ` Julia Lawall
2021-04-21 20:45 ` Steven Rostedt
2021-04-21 20:50 ` Julia Lawall
2021-04-21 21:03 ` Jiri Kosina
2021-04-21 21:37 ` James Morris
2021-04-22 7:34 ` Geert Uytterhoeven
2021-04-22 7:51 ` Mike Rapoport
2021-04-22 8:45 ` Christian Brauner
2021-04-22 15:27 ` Steven Rostedt
2021-04-22 9:39 ` Mauro Carvalho Chehab
2021-04-22 9:55 ` Mauro Carvalho Chehab
2021-04-22 12:01 ` Leon Romanovsky
2021-04-22 12:26 ` Mark Brown
2021-04-22 12:35 ` Leon Romanovsky
2021-04-22 12:52 ` Hans Verkuil
2021-04-22 13:33 ` Mauro Carvalho Chehab
2021-04-22 13:42 ` Leon Romanovsky
2021-04-22 12:18 ` Leon Romanovsky
2021-04-22 15:38 ` Shuah Khan
2021-04-23 9:06 ` Mauro Carvalho Chehab
2021-04-23 17:17 ` Leon Romanovsky
2021-04-23 22:41 ` Shuah Khan
2021-04-22 5:59 ` Christoph Hellwig
2021-04-22 6:28 ` Tomasz Figa
2021-04-22 7:05 ` Al Viro
2021-04-22 7:46 ` Al Viro
2021-04-22 7:06 ` H. Peter Anvin
2021-04-22 7:05 ` Jiri Kosina
2021-04-22 16:05 ` Roland Dreier
2021-04-22 16:24 ` Krzysztof Kozlowski
2021-04-22 18:03 ` Al Viro
2021-04-22 22:35 ` Thomas Gleixner
2021-04-22 22:53 ` Laurent Pinchart
2021-07-20 16:26 ` Kernel sustainability (was Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Daniel Vetter
2021-04-21 19:30 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Jiri Kosina
2021-04-21 20:28 ` Jiri Kosina
2021-04-21 22:18 ` Shuah Khan
2021-04-21 23:17 ` Guenter Roeck
2021-04-21 23:21 ` Shuah Khan
2021-04-21 19:47 ` Dan Carpenter
2021-04-22 9:34 ` Mauro Carvalho Chehab
2021-04-22 9:59 ` Johannes Berg
2021-04-22 10:52 ` Mauro Carvalho Chehab
2021-04-22 12:16 ` Mike Rapoport
2021-04-22 13:41 ` Mauro Carvalho Chehab
2021-04-22 20:15 ` Alexandre Belloni
2021-04-23 0:09 ` Randy Dunlap
2021-04-21 19:49 ` Alexandre Belloni
2021-04-22 2:05 ` Martin K. Petersen
2021-04-22 3:04 ` Joe Perches
2021-04-22 10:13 ` Mauro Carvalho Chehab
2021-04-22 12:07 ` Mark Brown
2021-04-22 16:42 ` Bart Van Assche
2021-04-22 17:58 ` Jiri Kosina
2021-04-22 4:21 ` Leon Romanovsky
2021-04-22 4:56 ` Al Viro
2021-04-22 5:52 ` Leon Romanovsky
2021-04-22 6:05 ` Christoph Hellwig
2021-04-22 6:03 ` Christoph Hellwig
2021-04-22 6:18 ` Leon Romanovsky
2021-04-22 9:20 ` Mauro Carvalho Chehab
2021-04-22 11:34 ` Leon Romanovsky
2021-04-22 13:22 ` Mark Brown
2021-04-22 13:47 ` Leon Romanovsky
2021-04-22 13:51 ` Mark Brown
2021-04-22 14:12 ` Mauro Carvalho Chehab
2021-04-22 14:51 ` Leon Romanovsky
2021-04-22 13:29 ` Steven Rostedt
2021-04-22 13:58 ` Leon Romanovsky
2021-04-22 14:20 ` Rob Herring
2021-04-23 6:04 ` Mauro Carvalho Chehab
2021-04-23 6:46 ` Joe Perches
2021-04-23 7:13 ` Mauro Carvalho Chehab
2021-04-23 7:20 ` [PATCH RFC] scripts: add a script for sending patches Mauro Carvalho Chehab
2021-04-23 14:52 ` Better tools for sending patches (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Doug Anderson
2021-04-23 16:03 ` Mark Brown
2021-04-23 17:12 ` Leon Romanovsky
2021-04-26 23:50 ` Simon Glass
2021-04-22 12:53 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Konstantin Ryabitsev
2021-04-22 13:08 ` Leon Romanovsky
2021-04-22 13:27 ` Konstantin Ryabitsev
2021-04-22 13:41 ` Leon Romanovsky
2021-04-22 16:28 ` Serge E. Hallyn
2021-04-22 17:56 ` Leon Romanovsky
2021-04-22 18:05 ` backfilling threads with b4 (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Konstantin Ryabitsev
2021-04-23 7:19 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Greg KH
2021-04-23 7:31 ` Christian Brauner
2021-04-23 18:50 ` Konstantin Ryabitsev
2021-04-22 12:40 ` Mark Brown
2021-04-22 12:54 ` Mike Rapoport
2021-04-22 13:23 ` Mark Brown
2021-04-22 15:19 ` Steven Rostedt
2021-04-22 21:19 ` Thomas Gleixner
2021-04-22 21:36 ` Steven Rostedt
2021-04-22 22:39 ` Thomas Gleixner
2021-04-23 0:26 ` Joe Perches
2021-04-23 6:15 ` Greg KH
2021-04-23 6:50 ` Dan Williams
2021-04-23 7:13 ` Geert Uytterhoeven
2021-04-23 14:41 ` Shuah Khan
2021-04-23 9:12 ` Michal Hocko
2021-04-22 14:51 ` Laurent Pinchart
2021-04-22 15:14 ` Mike Rapoport
2021-04-22 15:17 ` Laurent Pinchart
2021-04-22 15:35 ` Al Viro
2021-04-22 15:32 ` Shuah Khan
2021-04-22 10:35 ` Mauro Carvalho Chehab
2021-04-22 11:03 ` Sudip Mukherjee
2021-04-22 14:00 ` Steven Rostedt
2021-04-22 14:07 ` Jiri Kosina
2021-04-22 15:31 ` Sudip Mukherjee
2021-04-22 21:33 ` Thomas Gleixner
2021-04-22 20:28 ` Andrew Morton
2021-04-22 20:46 ` Steven Rostedt
2021-04-22 12:32 ` Martin K. Petersen
2021-04-22 15:11 ` Laurent Pinchart
2021-04-22 15:28 ` James Bottomley
2021-04-22 15:35 ` Johannes Berg
2021-04-22 15:36 ` Mark Brown
2021-04-22 15:40 ` James Bottomley
2021-04-23 9:27 ` Dan Carpenter
2021-04-22 13:24 ` Konstantin Ryabitsev
2021-04-22 14:31 ` Mauro Carvalho Chehab
2021-04-22 15:34 ` Shuah Khan
2021-04-22 15:42 ` James Bottomley
2021-04-22 15:48 ` James Bottomley
2021-04-22 15:52 ` Steven Rostedt
2021-04-22 16:08 ` Shuah Khan
2021-04-22 16:13 ` Jan Kara
2021-04-22 17:04 ` Steven Rostedt
2021-04-22 17:08 ` Martin K. Petersen
2021-04-23 11:16 ` Jan Kara
2021-04-23 12:57 ` Mauro Carvalho Chehab
2021-04-23 7:58 ` Mauro Carvalho Chehab
2021-04-23 10:54 ` Greg KH
2021-04-23 17:09 ` Leon Romanovsky
2021-04-22 16:23 ` Konstantin Ryabitsev
2021-04-22 16:38 ` Bart Van Assche
2021-04-22 16:57 ` Leon Romanovsky
2021-04-22 18:03 ` Jiri Kosina
2021-04-22 21:26 ` Thomas Gleixner
2021-04-22 21:36 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.22.394.2104212150230.20674@hadrien \
--to=julia.lawall@inria.fr \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ksummit@lists.linux.dev \
--cc=roland@kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).