Linux Kernel Summit discussions
 help / color / Atom feed
From: Geert Uytterhoeven <geert@linux-m68k.org>
To: James Morris <jmorris@namei.org>
Cc: Julia Lawall <julia.lawall@inria.fr>,
	Stephen Hemminger <stephen@networkplumber.org>,
	 Roland Dreier <roland@kernel.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	 James Bottomley <James.Bottomley@hansenpartnership.com>,
	ksummit@lists.linux.dev
Subject: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches
Date: Thu, 22 Apr 2021 09:34:38 +0200
Message-ID: <CAMuHMdU=c2bY1_sq+rSh1fON5QhNx8xWqMQLT+cD0BpqG0RtCg@mail.gmail.com> (raw)
In-Reply-To: <d95ee281-4dc0-c5c1-ec87-81d83f44979@namei.org>

On Wed, Apr 21, 2021 at 11:50 PM James Morris <jmorris@namei.org> wrote:
> On Wed, 21 Apr 2021, Julia Lawall wrote:
> > The apology states that they didn't detect any vulnerabilities.  They
> > found three non exploitable bugs and submitted incorrect patches for them.
> > When the patches received some positive feedback, they explained that the
> > patches were incorrect and provided a proper fix.
> >
> > So they damaged trust, but not actually the Linux kernel...
>
> The issue is that there was no consent and no coordination, so we don't
> know the scope of the experiment and whether it was still continuing.
>
> We are this not able to trust anything the group said about what they'd
> done or not done, until now [1].
>
> In all probability there is nothing further amiss but we would not have
> expected them to use fake gmail accounts to submit bugs to the kernel
> either.
>
> It's now on us to audit all of their known contributions, because we don't
> know the scope of the experiment, which was based on the use of deception,
> and we can't make any assumptions based on what they have said.
>
> We also need the identity of the 'random' gmail accounts they used,
> although this should be handled by a small trusted group in private, as it
> will lead to privacy issues for kernel maintainers who responded to them
> in public.

What do we gain by blindly reverting all[1] umn.edu patches, and
ignoring future patches from umn.edu?
I think all of this is moot: other people may be doing the same thing,
or even "in worse faith".  The only thing that helps is making sure
patches get reviewed[2] before being applied.

[1] Judging from the new review comments, many of the 190 patches
    to be reverted were real fixes.
[2] Whether we can trust the reviewers is another question, and might
    become the topic of another research project :-(

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

  reply index

Thread overview: 153+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-21 18:35 James Bottomley
2021-04-21 18:46 ` Christian Borntraeger
2021-04-21 18:51 ` Alexey Dobriyan
2021-04-21 18:53   ` Christian Borntraeger
2021-04-21 19:06 ` Al Viro
2021-04-21 19:14 ` James Bottomley
2021-04-21 19:22 ` Steven Rostedt
2021-04-21 19:26   ` Kees Cook
2021-04-21 19:32   ` Roland Dreier
2021-04-21 19:55     ` Julia Lawall
2021-04-21 20:28       ` Stephen Hemminger
2021-04-21 20:37         ` Julia Lawall
2021-04-21 20:45           ` Steven Rostedt
2021-04-21 20:50             ` Julia Lawall
2021-04-21 21:03               ` Jiri Kosina
2021-04-21 21:37           ` James Morris
2021-04-22  7:34             ` Geert Uytterhoeven [this message]
2021-04-22  7:51               ` Mike Rapoport
2021-04-22  8:45                 ` Christian Brauner
2021-04-22 15:27                   ` Steven Rostedt
2021-04-22  9:39                 ` Mauro Carvalho Chehab
2021-04-22  9:55               ` Mauro Carvalho Chehab
2021-04-22 12:01                 ` Leon Romanovsky
2021-04-22 12:26                   ` Mark Brown
2021-04-22 12:35                     ` Leon Romanovsky
2021-04-22 12:52                       ` Hans Verkuil
2021-04-22 13:33                       ` Mauro Carvalho Chehab
2021-04-22 13:42                         ` Leon Romanovsky
2021-04-22 12:18                 ` Leon Romanovsky
2021-04-22 15:38                   ` Shuah Khan
2021-04-23  9:06                     ` Mauro Carvalho Chehab
2021-04-23 17:17                       ` Leon Romanovsky
2021-04-23 22:41                       ` Shuah Khan
2021-04-22  5:59     ` Christoph Hellwig
2021-04-22  6:28       ` Tomasz Figa
2021-04-22  7:05         ` Al Viro
2021-04-22  7:46           ` Al Viro
2021-04-22  7:06         ` H. Peter Anvin
2021-04-22  7:05       ` Jiri Kosina
2021-04-22 16:05       ` Roland Dreier
2021-04-22 16:24         ` Krzysztof Kozlowski
2021-04-22 18:03       ` Al Viro
2021-04-22 22:35         ` Thomas Gleixner
2021-04-22 22:53           ` Laurent Pinchart
2021-07-20 16:26             ` Kernel sustainability (was Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Daniel Vetter
2021-04-21 19:30 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Jiri Kosina
2021-04-21 20:28   ` Jiri Kosina
2021-04-21 22:18     ` Shuah Khan
2021-04-21 23:17       ` Guenter Roeck
2021-04-21 23:21         ` Shuah Khan
2021-04-21 19:47 ` Dan Carpenter
2021-04-22  9:34   ` Mauro Carvalho Chehab
2021-04-22  9:59     ` Johannes Berg
2021-04-22 10:52       ` Mauro Carvalho Chehab
2021-04-22 12:16         ` Mike Rapoport
2021-04-22 13:41           ` Mauro Carvalho Chehab
2021-04-22 20:15       ` Alexandre Belloni
2021-04-23  0:09         ` Randy Dunlap
2021-04-21 19:49 ` Alexandre Belloni
2021-04-22  2:05 ` Martin K. Petersen
2021-04-22  3:04   ` Joe Perches
2021-04-22 10:13     ` Mauro Carvalho Chehab
2021-04-22 12:07     ` Mark Brown
2021-04-22 16:42     ` Bart Van Assche
2021-04-22 17:58       ` Jiri Kosina
2021-04-22  4:21 ` Leon Romanovsky
2021-04-22  4:56   ` Al Viro
2021-04-22  5:52     ` Leon Romanovsky
2021-04-22  6:05     ` Christoph Hellwig
2021-04-22  6:03   ` Christoph Hellwig
2021-04-22  6:18     ` Leon Romanovsky
2021-04-22  9:20   ` Mauro Carvalho Chehab
2021-04-22 11:34     ` Leon Romanovsky
2021-04-22 13:22       ` Mark Brown
2021-04-22 13:47         ` Leon Romanovsky
2021-04-22 13:51           ` Mark Brown
2021-04-22 14:12         ` Mauro Carvalho Chehab
2021-04-22 14:51           ` Leon Romanovsky
2021-04-22 13:29       ` Steven Rostedt
2021-04-22 13:58         ` Leon Romanovsky
2021-04-22 14:20         ` Rob Herring
2021-04-23  6:04           ` Mauro Carvalho Chehab
2021-04-23  6:46             ` Joe Perches
2021-04-23  7:13               ` Mauro Carvalho Chehab
2021-04-23  7:20                 ` [PATCH RFC] scripts: add a script for sending patches Mauro Carvalho Chehab
2021-04-23 14:52                 ` Better tools for sending patches (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Doug Anderson
2021-04-23 16:03                   ` Mark Brown
2021-04-23 17:12                     ` Leon Romanovsky
2021-04-26 23:50                       ` Simon Glass
2021-04-22 12:53     ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Konstantin Ryabitsev
2021-04-22 13:08       ` Leon Romanovsky
2021-04-22 13:27         ` Konstantin Ryabitsev
2021-04-22 13:41           ` Leon Romanovsky
2021-04-22 16:28           ` Serge E. Hallyn
2021-04-22 17:56       ` Leon Romanovsky
2021-04-22 18:05         ` backfilling threads with b4 (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Konstantin Ryabitsev
2021-04-23  7:19       ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Greg KH
2021-04-23  7:31       ` Christian Brauner
2021-04-23 18:50         ` Konstantin Ryabitsev
2021-04-22 12:40   ` Mark Brown
2021-04-22 12:54     ` Mike Rapoport
2021-04-22 13:23       ` Mark Brown
2021-04-22 15:19         ` Steven Rostedt
2021-04-22 21:19           ` Thomas Gleixner
2021-04-22 21:36             ` Steven Rostedt
2021-04-22 22:39               ` Thomas Gleixner
2021-04-23  0:26                 ` Joe Perches
2021-04-23  6:15           ` Greg KH
2021-04-23  6:50             ` Dan Williams
2021-04-23  7:13             ` Geert Uytterhoeven
2021-04-23 14:41               ` Shuah Khan
2021-04-23  9:12             ` Michal Hocko
2021-04-22 14:51       ` Laurent Pinchart
2021-04-22 15:14         ` Mike Rapoport
2021-04-22 15:17           ` Laurent Pinchart
2021-04-22 15:35             ` Al Viro
2021-04-22 15:32           ` Shuah Khan
2021-04-22 10:35 ` Mauro Carvalho Chehab
2021-04-22 11:03   ` Sudip Mukherjee
2021-04-22 14:00     ` Steven Rostedt
2021-04-22 14:07       ` Jiri Kosina
2021-04-22 15:31         ` Sudip Mukherjee
2021-04-22 21:33           ` Thomas Gleixner
2021-04-22 20:28     ` Andrew Morton
2021-04-22 20:46       ` Steven Rostedt
2021-04-22 12:32   ` Martin K. Petersen
2021-04-22 15:11     ` Laurent Pinchart
2021-04-22 15:28     ` James Bottomley
2021-04-22 15:35       ` Johannes Berg
2021-04-22 15:36       ` Mark Brown
2021-04-22 15:40         ` James Bottomley
2021-04-23  9:27         ` Dan Carpenter
2021-04-22 13:24   ` Konstantin Ryabitsev
2021-04-22 14:31     ` Mauro Carvalho Chehab
2021-04-22 15:34   ` Shuah Khan
2021-04-22 15:42     ` James Bottomley
2021-04-22 15:48       ` James Bottomley
2021-04-22 15:52         ` Steven Rostedt
2021-04-22 16:08           ` Shuah Khan
2021-04-22 16:13           ` Jan Kara
2021-04-22 17:04             ` Steven Rostedt
2021-04-22 17:08             ` Martin K. Petersen
2021-04-23 11:16               ` Jan Kara
2021-04-23 12:57                 ` Mauro Carvalho Chehab
2021-04-23  7:58           ` Mauro Carvalho Chehab
2021-04-23 10:54             ` Greg KH
2021-04-23 17:09             ` Leon Romanovsky
2021-04-22 16:23         ` Konstantin Ryabitsev
2021-04-22 16:38       ` Bart Van Assche
2021-04-22 16:57         ` Leon Romanovsky
2021-04-22 18:03         ` Jiri Kosina
2021-04-22 21:26           ` Thomas Gleixner
2021-04-22 21:36             ` Jiri Kosina

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAMuHMdU=c2bY1_sq+rSh1fON5QhNx8xWqMQLT+cD0BpqG0RtCg@mail.gmail.com' \
    --to=geert@linux-m68k.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=jmorris@namei.org \
    --cc=julia.lawall@inria.fr \
    --cc=ksummit@lists.linux.dev \
    --cc=roland@kernel.org \
    --cc=rostedt@goodmis.org \
    --cc=stephen@networkplumber.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux Kernel Summit discussions

Archives are clonable:
	git clone --mirror https://lore.kernel.org/ksummit/0 ksummit/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ksummit ksummit/ https://lore.kernel.org/ksummit \
		ksummit@lists.linux.dev
	public-inbox-index ksummit

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/dev.linux.lists.ksummit


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git