[cip-dev] umn.edu situation and its effects on stable/cip

[cip-dev] umn.edu situation and its effects on stable/cip

[Pavel Machek]

[-- Attachment #1.1: Type: text/plain, Size: 1086 bytes --]

Hi!

You may have noticed in the news something funny is going on with
umn.edu commits.

Researchers at umn.edu did 3 bad-faith patches to kernel, sent them
from gmail.com addresses, and tried to get them reviewed (but
prevented them from being merged):

https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

That somehow led to Greg trying to revert all patches from umn.edu:

https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

And indeed there are some patches that do not fix any problem in
mainline (I identified one during stable review), but I don't see
evidence they were done in bad faith.

This is developing news, discussed on linux-kernel and ksummit-discuss
mailing lists (at least), but it should not affect us till middle of
May, and in my view it is likely that impact will be minor in the end.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6386): https://lists.cip-project.org/g/cip-dev/message/6386
Mute This Topic: https://lists.cip-project.org/mt/82307678/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] umn.edu situation and its effects on stable/cip

[Neal Caidin]

[-- Attachment #1.1: Type: text/plain, Size: 1765 bytes --]

A Linux Foundation colleague has offered to do an analysis for projects to
assess the situation.

"I can run an analysis of ... source code looking for commits from the two
PhDs who are currently known, and also look for any commits from an @umn.edu
email address."

If this is of interest, I'll look into this offer further.

Please let me know.

Best,
Neal

*Neal Caidin*
Program Manager, Program Management & Operations
The Linux Foundation
+1 (919) 238-9104 (w/h)
+1 (919) 949-1861 (m)
ncaidin@linuxfoundation.org




On Fri, Apr 23, 2021 at 6:58 AM Pavel Machek <pavel@denx.de> wrote:

> Hi!
>
> You may have noticed in the news something funny is going on with
> umn.edu commits.
>
> Researchers at umn.edu did 3 bad-faith patches to kernel, sent them
> from gmail.com addresses, and tried to get them reviewed (but
> prevented them from being merged):
>
>
> https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
>
> That somehow led to Greg trying to revert all patches from umn.edu:
>
>
> https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
>
> And indeed there are some patches that do not fix any problem in
> mainline (I identified one during stable review), but I don't see
> evidence they were done in bad faith.
>
> This is developing news, discussed on linux-kernel and ksummit-discuss
> mailing lists (at least), but it should not affect us till middle of
> May, and in my view it is likely that impact will be minor in the end.
>
> Best regards,
>                                                                 Pavel
> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>
> 
>
>

[-- Attachment #1.2: Type: text/html, Size: 3695 bytes --]

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6387): https://lists.cip-project.org/g/cip-dev/message/6387
Mute This Topic: https://lists.cip-project.org/mt/82307678/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] umn.edu situation and its effects on stable/cip

[Pavel Machek]

[-- Attachment #1.1: Type: text/plain, Size: 1069 bytes --]

Hi!

> A Linux Foundation colleague has offered to do an analysis for projects to
> assess the situation.
> 
> "I can run an analysis of ... source code looking for commits from the two
> PhDs who are currently known, and also look for any commits from an @umn.edu
> email address."
> 
> If this is of interest, I'll look into this offer further.

Well, there's big series from Greg:

Date: Wed, 21 Apr 2021 14:57:55 +0200
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Subject: [PATCH 000/190] Revertion of all of the umn.edu commits
Message-Id: <20210421130105.1226686-1-gregkh@linuxfoundation.org>

If noone commented on the patch, yet, analysing it may not be bad
idea. There is a lot of fixes in there, and we don't want to revert
those.

(But I believe this is so hot issue that there will be enough manpower
on it.)

Best regards,

								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6388): https://lists.cip-project.org/g/cip-dev/message/6388
Mute This Topic: https://lists.cip-project.org/mt/82307678/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-