From: Leon Romanovsky <leon@kernel.org>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: "Shelat, Abhi" <a.shelat@northeastern.edu>,
Greg KH <gregkh@linuxfoundation.org>,
Sudip Mukherjee <sudipm.mukherjee@gmail.com>,
Aditya Pakki <pakki001@umn.edu>,
Chuck Lever <chuck.lever@oracle.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Dave Wysochanski <dwysocha@redhat.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
netdev <netdev@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
Date: Wed, 21 Apr 2021 16:49:31 +0300 [thread overview]
Message-ID: <YIAta3cRl8mk/RkH@unreal> (raw)
In-Reply-To: <20210421133727.GA27929@fieldses.org>
On Wed, Apr 21, 2021 at 09:37:27AM -0400, J. Bruce Fields wrote:
> On Wed, Apr 21, 2021 at 11:58:08AM +0000, Shelat, Abhi wrote:
> > Academic research should NOT waste the time of a community.
> >
> > If you believe this behavior deserves an escalation, you can contact
> > the Institutional Review Board (irb@umn.edu) at UMN to investigate
> > whether this behavior was harmful; in particular, whether the research
> > activity had an appropriate IRB review, and what safeguards prevent
> > repeats in other communities.
>
> For what it's worth, they do address security, IRB, and maintainer-time
> questions in "Ethical Considerations", starting on p. 8:
>
> https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
>
> (Summary: in that experiment, they claim actual fixes were sent before
> the original (incorrect) patches had a chance to be committed; that
> their IRB reviewed the plan and determined it was not human research;
> and that patches were all small and (after correction) fixed real (if
> minor) bugs.)
>
> This effort doesn't appear to be following similar protocols, if Leon
> Romanvosky and Aditya Pakki are correct that security holes have already
> reached stable.
Aditya Pakki is the one who is sending those patches.
If you want to see another accepted patch that is already part of
stable@, you are invited to take a look on this patch that has "built-in bug":
8e949363f017 ("net: mlx5: Add a missing check on idr_find, free buf")
Thanks
next prev parent reply other threads:[~2021-04-21 13:49 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 0:16 [PATCH] SUNRPC: Add a check for gss_release_msg Aditya Pakki
2021-04-07 15:34 ` J. Bruce Fields
2021-04-08 15:01 ` Trond Myklebust
2021-04-08 15:24 ` Olga Kornievskaia
2021-04-08 16:02 ` Trond Myklebust
2021-04-20 7:15 ` Greg KH
2021-04-20 17:10 ` J. Bruce Fields
2021-04-21 5:10 ` Leon Romanovsky
2021-04-21 5:43 ` Greg KH
2021-04-21 6:08 ` Leon Romanovsky
[not found] ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com>
2021-04-21 8:15 ` Greg KH
2021-04-21 10:07 ` Sudip Mukherjee
2021-04-21 10:21 ` Greg KH
2021-04-21 11:58 ` Shelat, Abhi
2021-04-21 12:08 ` Greg KH
2021-04-21 12:19 ` Leon Romanovsky
2021-04-21 13:11 ` Trond Myklebust
2021-04-21 13:20 ` Leon Romanovsky
2021-04-21 13:42 ` Steven Rostedt
2021-04-21 13:21 ` gregkh
2021-04-21 13:34 ` Leon Romanovsky
2021-04-21 13:50 ` gregkh
2021-04-21 14:12 ` Leon Romanovsky
2021-04-21 18:50 ` Alexander Grund
2021-04-21 13:37 ` J. Bruce Fields
2021-04-21 13:49 ` Leon Romanovsky [this message]
2021-04-21 13:56 ` J. Bruce Fields
2021-04-22 19:39 ` J. Bruce Fields
2021-04-23 17:25 ` Leon Romanovsky
2021-04-23 18:07 ` J. Bruce Fields
2021-04-23 19:29 ` Leon Romanovsky
2021-04-23 21:48 ` J. Bruce Fields
2021-04-24 7:21 ` Leon Romanovsky
2021-04-24 18:34 ` Al Viro
2021-04-24 21:34 ` J. Bruce Fields
2021-04-25 0:41 ` Theodore Ts'o
2021-04-25 6:29 ` Greg KH
[not found] ` <20210426133605.GD21222@fieldses.org>
2021-04-26 13:47 ` J. Bruce Fields
2021-04-22 8:10 ` Sudip Mukherjee
2021-04-22 8:27 ` Greg KH
2021-04-21 12:51 ` Anna Schumaker
2021-04-21 14:15 ` Leon Romanovsky
2021-04-21 15:48 ` Theodore Ts'o
2021-04-21 17:34 ` Mike Rapoport
2021-04-22 3:57 ` Leon Romanovsky
2021-04-21 22:52 ` Guenter Roeck
[not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com>
2021-04-21 19:49 ` Theodore Ts'o
2021-04-22 7:50 ` Eric Biggers
2021-04-21 20:27 Weikeng Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YIAta3cRl8mk/RkH@unreal \
--to=leon@kernel.org \
--cc=a.shelat@northeastern.edu \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dwysocha@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pakki001@umn.edu \
--cc=sudipm.mukherjee@gmail.com \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.