From: James Morris <jmorris@namei.org>
To: Julia Lawall <julia.lawall@inria.fr>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Roland Dreier <roland@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
ksummit@lists.linux.dev
Subject: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches
Date: Thu, 22 Apr 2021 07:37:24 +1000 (AEST) [thread overview]
Message-ID: <d95ee281-4dc0-c5c1-ec87-81d83f44979@namei.org> (raw)
In-Reply-To: <alpine.DEB.2.22.394.2104212233450.20674@hadrien>
On Wed, 21 Apr 2021, Julia Lawall wrote:
> The apology states that they didn't detect any vulnerabilities. They
> found three non exploitable bugs and submitted incorrect patches for them.
> When the patches received some positive feedback, they explained that the
> patches were incorrect and provided a proper fix.
>
> So they damaged trust, but not actually the Linux kernel...
The issue is that there was no consent and no coordination, so we don't
know the scope of the experiment and whether it was still continuing.
We are this not able to trust anything the group said about what they'd
done or not done, until now [1].
In all probability there is nothing further amiss but we would not have
expected them to use fake gmail accounts to submit bugs to the kernel
either.
It's now on us to audit all of their known contributions, because we don't
know the scope of the experiment, which was based on the use of deception,
and we can't make any assumptions based on what they have said.
We also need the identity of the 'random' gmail accounts they used,
although this should be handled by a small trusted group in private, as it
will lead to privacy issues for kernel maintainers who responded to them
in public.
[1] The UMN CS leadership has made a public statement now that the
research is now suspended:
https://twitter.com/UMNComputerSci/status/1384948683821694976
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2021-04-21 21:49 UTC|newest]
Thread overview: 153+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-21 18:35 [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches James Bottomley
2021-04-21 18:46 ` Christian Borntraeger
2021-04-21 18:51 ` Alexey Dobriyan
2021-04-21 18:53 ` Christian Borntraeger
2021-04-21 19:06 ` Al Viro
2021-04-21 19:14 ` James Bottomley
2021-04-21 19:22 ` Steven Rostedt
2021-04-21 19:26 ` Kees Cook
2021-04-21 19:32 ` Roland Dreier
2021-04-21 19:55 ` Julia Lawall
2021-04-21 20:28 ` Stephen Hemminger
2021-04-21 20:37 ` Julia Lawall
2021-04-21 20:45 ` Steven Rostedt
2021-04-21 20:50 ` Julia Lawall
2021-04-21 21:03 ` Jiri Kosina
2021-04-21 21:37 ` James Morris [this message]
2021-04-22 7:34 ` Geert Uytterhoeven
2021-04-22 7:51 ` Mike Rapoport
2021-04-22 8:45 ` Christian Brauner
2021-04-22 15:27 ` Steven Rostedt
2021-04-22 9:39 ` Mauro Carvalho Chehab
2021-04-22 9:55 ` Mauro Carvalho Chehab
2021-04-22 12:01 ` Leon Romanovsky
2021-04-22 12:26 ` Mark Brown
2021-04-22 12:35 ` Leon Romanovsky
2021-04-22 12:52 ` Hans Verkuil
2021-04-22 13:33 ` Mauro Carvalho Chehab
2021-04-22 13:42 ` Leon Romanovsky
2021-04-22 12:18 ` Leon Romanovsky
2021-04-22 15:38 ` Shuah Khan
2021-04-23 9:06 ` Mauro Carvalho Chehab
2021-04-23 17:17 ` Leon Romanovsky
2021-04-23 22:41 ` Shuah Khan
2021-04-22 5:59 ` Christoph Hellwig
2021-04-22 6:28 ` Tomasz Figa
2021-04-22 7:05 ` Al Viro
2021-04-22 7:46 ` Al Viro
2021-04-22 7:06 ` H. Peter Anvin
2021-04-22 7:05 ` Jiri Kosina
2021-04-22 16:05 ` Roland Dreier
2021-04-22 16:24 ` Krzysztof Kozlowski
2021-04-22 18:03 ` Al Viro
2021-04-22 22:35 ` Thomas Gleixner
2021-04-22 22:53 ` Laurent Pinchart
2021-07-20 16:26 ` Kernel sustainability (was Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Daniel Vetter
2021-04-21 19:30 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Jiri Kosina
2021-04-21 20:28 ` Jiri Kosina
2021-04-21 22:18 ` Shuah Khan
2021-04-21 23:17 ` Guenter Roeck
2021-04-21 23:21 ` Shuah Khan
2021-04-21 19:47 ` Dan Carpenter
2021-04-22 9:34 ` Mauro Carvalho Chehab
2021-04-22 9:59 ` Johannes Berg
2021-04-22 10:52 ` Mauro Carvalho Chehab
2021-04-22 12:16 ` Mike Rapoport
2021-04-22 13:41 ` Mauro Carvalho Chehab
2021-04-22 20:15 ` Alexandre Belloni
2021-04-23 0:09 ` Randy Dunlap
2021-04-21 19:49 ` Alexandre Belloni
2021-04-22 2:05 ` Martin K. Petersen
2021-04-22 3:04 ` Joe Perches
2021-04-22 10:13 ` Mauro Carvalho Chehab
2021-04-22 12:07 ` Mark Brown
2021-04-22 16:42 ` Bart Van Assche
2021-04-22 17:58 ` Jiri Kosina
2021-04-22 4:21 ` Leon Romanovsky
2021-04-22 4:56 ` Al Viro
2021-04-22 5:52 ` Leon Romanovsky
2021-04-22 6:05 ` Christoph Hellwig
2021-04-22 6:03 ` Christoph Hellwig
2021-04-22 6:18 ` Leon Romanovsky
2021-04-22 9:20 ` Mauro Carvalho Chehab
2021-04-22 11:34 ` Leon Romanovsky
2021-04-22 13:22 ` Mark Brown
2021-04-22 13:47 ` Leon Romanovsky
2021-04-22 13:51 ` Mark Brown
2021-04-22 14:12 ` Mauro Carvalho Chehab
2021-04-22 14:51 ` Leon Romanovsky
2021-04-22 13:29 ` Steven Rostedt
2021-04-22 13:58 ` Leon Romanovsky
2021-04-22 14:20 ` Rob Herring
2021-04-23 6:04 ` Mauro Carvalho Chehab
2021-04-23 6:46 ` Joe Perches
2021-04-23 7:13 ` Mauro Carvalho Chehab
2021-04-23 7:20 ` [PATCH RFC] scripts: add a script for sending patches Mauro Carvalho Chehab
2021-04-23 14:52 ` Better tools for sending patches (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Doug Anderson
2021-04-23 16:03 ` Mark Brown
2021-04-23 17:12 ` Leon Romanovsky
2021-04-26 23:50 ` Simon Glass
2021-04-22 12:53 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Konstantin Ryabitsev
2021-04-22 13:08 ` Leon Romanovsky
2021-04-22 13:27 ` Konstantin Ryabitsev
2021-04-22 13:41 ` Leon Romanovsky
2021-04-22 16:28 ` Serge E. Hallyn
2021-04-22 17:56 ` Leon Romanovsky
2021-04-22 18:05 ` backfilling threads with b4 (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Konstantin Ryabitsev
2021-04-23 7:19 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Greg KH
2021-04-23 7:31 ` Christian Brauner
2021-04-23 18:50 ` Konstantin Ryabitsev
2021-04-22 12:40 ` Mark Brown
2021-04-22 12:54 ` Mike Rapoport
2021-04-22 13:23 ` Mark Brown
2021-04-22 15:19 ` Steven Rostedt
2021-04-22 21:19 ` Thomas Gleixner
2021-04-22 21:36 ` Steven Rostedt
2021-04-22 22:39 ` Thomas Gleixner
2021-04-23 0:26 ` Joe Perches
2021-04-23 6:15 ` Greg KH
2021-04-23 6:50 ` Dan Williams
2021-04-23 7:13 ` Geert Uytterhoeven
2021-04-23 14:41 ` Shuah Khan
2021-04-23 9:12 ` Michal Hocko
2021-04-22 14:51 ` Laurent Pinchart
2021-04-22 15:14 ` Mike Rapoport
2021-04-22 15:17 ` Laurent Pinchart
2021-04-22 15:35 ` Al Viro
2021-04-22 15:32 ` Shuah Khan
2021-04-22 10:35 ` Mauro Carvalho Chehab
2021-04-22 11:03 ` Sudip Mukherjee
2021-04-22 14:00 ` Steven Rostedt
2021-04-22 14:07 ` Jiri Kosina
2021-04-22 15:31 ` Sudip Mukherjee
2021-04-22 21:33 ` Thomas Gleixner
2021-04-22 20:28 ` Andrew Morton
2021-04-22 20:46 ` Steven Rostedt
2021-04-22 12:32 ` Martin K. Petersen
2021-04-22 15:11 ` Laurent Pinchart
2021-04-22 15:28 ` James Bottomley
2021-04-22 15:35 ` Johannes Berg
2021-04-22 15:36 ` Mark Brown
2021-04-22 15:40 ` James Bottomley
2021-04-23 9:27 ` Dan Carpenter
2021-04-22 13:24 ` Konstantin Ryabitsev
2021-04-22 14:31 ` Mauro Carvalho Chehab
2021-04-22 15:34 ` Shuah Khan
2021-04-22 15:42 ` James Bottomley
2021-04-22 15:48 ` James Bottomley
2021-04-22 15:52 ` Steven Rostedt
2021-04-22 16:08 ` Shuah Khan
2021-04-22 16:13 ` Jan Kara
2021-04-22 17:04 ` Steven Rostedt
2021-04-22 17:08 ` Martin K. Petersen
2021-04-23 11:16 ` Jan Kara
2021-04-23 12:57 ` Mauro Carvalho Chehab
2021-04-23 7:58 ` Mauro Carvalho Chehab
2021-04-23 10:54 ` Greg KH
2021-04-23 17:09 ` Leon Romanovsky
2021-04-22 16:23 ` Konstantin Ryabitsev
2021-04-22 16:38 ` Bart Van Assche
2021-04-22 16:57 ` Leon Romanovsky
2021-04-22 18:03 ` Jiri Kosina
2021-04-22 21:26 ` Thomas Gleixner
2021-04-22 21:36 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d95ee281-4dc0-c5c1-ec87-81d83f44979@namei.org \
--to=jmorris@namei.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=julia.lawall@inria.fr \
--cc=ksummit@lists.linux.dev \
--cc=roland@kernel.org \
--cc=rostedt@goodmis.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).