From: Pavel Machek <pavel@ucw.cz>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Kangjie Lu <kjlu@umn.edu>,
	tech-board@lists.linux-foundation.org
Subject: Re: Report on University of Minnesota Breach-of-Trust Incident
Date: Thu, 6 May 2021 23:40:09 +0200
Message-ID: <20210506214009.GA6494@amd>
In-Reply-To: <202105061042.E99B414F0A@keescook>

Hi!

> > # Commits from @umn.edu addresses have been found to be submitted in "bad
> > # faith" to try to test the kernel community's ability to review "known
> > # malicious" changes.
> 
> I would agree that the phrasing here is sub-optimal in that it could
> more clearly separate a few related things (e.g. "malicious change" vs
> "valid fix"). If I were writing this, I would have said something along
> the lines of:
> 
>   Commits from UMN authors have been found to be submitted with intentional
>   flaws to try to test the kernel community's ability to review "known
>   malicious" changes. ...
>   During review of all submissions, some patches were found to be
>   unintentionally flawed. ...
>   Out of an abundance of caution all submissions from this group must be
>   reverted from the tree and will need to be re-reviewed again. ...

Thank you.

> > UMN apologized. Our reaction to their apology was:
> > 
> > https://lore.kernel.org/lkml/YIV+pLR0nt94q0xQ@kroah.com/#t
> > 
> > Do we owe them apology, too?
> 
> I will defer to Greg on what he thinks his duties are there, but in
> trying to figure out who "we" is, I'll just point out that I attempted
> to clarify the incorrect assumptions about the intent of historical UMN
> patches, and spoke for the entire TAB (Greg included) here:
> https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
> The report repeated this in several places, and we explained our need
> for due diligence.

Well, in https://lore.kernel.org/lkml/YIV+pLR0nt94q0xQ@kroah.com/#t
Greg says:

"Until those actions are taken, we do not have anything further to
discuss about this issue."

I'm not sure on behalf of whom he is speaking in the email (and I
believe he is unnecessarily harsh with them).

I could reply to that saying "hey, Greg is probably speaking only for
himself there, he certainly can't speak for the whole Linux community",
but I believe it would be better if TAB did that.

Best regards,
								Pavel
-- 
http://www.livejournal.com/~pavelmachek
