From: "J. Bruce Fields" <bfields@fieldses.org> To: Leon Romanovsky <leon@kernel.org> Cc: "Shelat, Abhi" <a.shelat@northeastern.edu>, Greg KH <gregkh@linuxfoundation.org>, Sudip Mukherjee <sudipm.mukherjee@gmail.com>, Aditya Pakki <pakki001@umn.edu>, Chuck Lever <chuck.lever@oracle.com>, Trond Myklebust <trond.myklebust@hammerspace.com>, Anna Schumaker <anna.schumaker@netapp.com>, "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, Dave Wysochanski <dwysocha@redhat.com>, "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>, netdev <netdev@vger.kernel.org>, linux-kernel <linux-kernel@vger.kernel.org> Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg Date: Wed, 21 Apr 2021 09:56:37 -0400 [thread overview] Message-ID: <20210421135637.GB27929@fieldses.org> (raw) In-Reply-To: <YIAta3cRl8mk/RkH@unreal> On Wed, Apr 21, 2021 at 04:49:31PM +0300, Leon Romanovsky wrote: > On Wed, Apr 21, 2021 at 09:37:27AM -0400, J. Bruce Fields wrote: > > On Wed, Apr 21, 2021 at 11:58:08AM +0000, Shelat, Abhi wrote: > > > Academic research should NOT waste the time of a community. > > > > > > If you believe this behavior deserves an escalation, you can contact > > > the Institutional Review Board (irb@umn.edu) at UMN to investigate > > > whether this behavior was harmful; in particular, whether the research > > > activity had an appropriate IRB review, and what safeguards prevent > > > repeats in other communities. > > > > For what it's worth, they do address security, IRB, and maintainer-time > > questions in "Ethical Considerations", starting on p. 8: > > > > https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf > > > > (Summary: in that experiment, they claim actual fixes were sent before > > the original (incorrect) patches had a chance to be committed; that > > their IRB reviewed the plan and determined it was not human research; > > and that patches were all small and (after correction) fixed real (if > > minor) bugs.) > > > > This effort doesn't appear to be following similar protocols, if Leon > > Romanvosky and Aditya Pakki are correct that security holes have already > > reached stable. > > Aditya Pakki is the one who is sending those patches. Argh, sorry, I I meant Sudip Mukherjee, who reported their reaching stable. Apologies. > If you want to see another accepted patch that is already part of > stable@, you are invited to take a look on this patch that has "built-in bug": > 8e949363f017 ("net: mlx5: Add a missing check on idr_find, free buf") Interesting, thanks. --b.
next prev parent reply other threads:[~2021-04-21 13:56 UTC|newest] Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-04-07 0:16 Aditya Pakki 2021-04-07 15:34 ` J. Bruce Fields 2021-04-08 15:01 ` Trond Myklebust 2021-04-08 15:24 ` Olga Kornievskaia 2021-04-08 16:02 ` Trond Myklebust 2021-04-20 7:15 ` Greg KH 2021-04-20 17:10 ` J. Bruce Fields 2021-04-21 5:10 ` Leon Romanovsky 2021-04-21 5:43 ` Greg KH 2021-04-21 6:08 ` Leon Romanovsky [not found] ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com> 2021-04-21 8:15 ` Greg KH 2021-04-21 10:07 ` Sudip Mukherjee 2021-04-21 10:21 ` Greg KH 2021-04-21 11:58 ` Shelat, Abhi 2021-04-21 12:08 ` Greg KH 2021-04-21 12:19 ` Leon Romanovsky 2021-04-21 13:11 ` Trond Myklebust 2021-04-21 13:20 ` Leon Romanovsky 2021-04-21 13:42 ` Steven Rostedt 2021-04-21 13:21 ` gregkh 2021-04-21 13:34 ` Leon Romanovsky 2021-04-21 13:50 ` gregkh 2021-04-21 14:12 ` Leon Romanovsky 2021-04-21 18:50 ` Alexander Grund 2021-04-21 13:37 ` J. Bruce Fields 2021-04-21 13:49 ` Leon Romanovsky 2021-04-21 13:56 ` J. Bruce Fields [this message] 2021-04-22 19:39 ` J. Bruce Fields 2021-04-23 17:25 ` Leon Romanovsky 2021-04-23 18:07 ` J. Bruce Fields 2021-04-23 19:29 ` Leon Romanovsky 2021-04-23 21:48 ` J. Bruce Fields 2021-04-24 7:21 ` Leon Romanovsky 2021-04-24 18:34 ` Al Viro 2021-04-24 21:34 ` J. Bruce Fields 2021-04-25 0:41 ` Theodore Ts'o 2021-04-25 6:29 ` Greg KH [not found] ` <20210426133605.GD21222@fieldses.org> 2021-04-26 13:47 ` J. Bruce Fields 2021-04-22 8:10 ` Sudip Mukherjee 2021-04-22 8:27 ` Greg KH 2021-04-21 12:51 ` Anna Schumaker 2021-04-21 14:15 ` Leon Romanovsky 2021-04-21 15:48 ` Theodore Ts'o 2021-04-21 17:34 ` Mike Rapoport 2021-04-22 3:57 ` Leon Romanovsky 2021-04-21 22:52 ` Guenter Roeck [not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com> 2021-04-21 19:49 ` Theodore Ts'o 2021-04-22 7:50 ` Eric Biggers 2021-04-21 20:27 Weikeng Chen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210421135637.GB27929@fieldses.org \ --to=bfields@fieldses.org \ --cc=a.shelat@northeastern.edu \ --cc=anna.schumaker@netapp.com \ --cc=chuck.lever@oracle.com \ --cc=davem@davemloft.net \ --cc=dwysocha@redhat.com \ --cc=gregkh@linuxfoundation.org \ --cc=kuba@kernel.org \ --cc=leon@kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-nfs@vger.kernel.org \ --cc=netdev@vger.kernel.org \ --cc=pakki001@umn.edu \ --cc=sudipm.mukherjee@gmail.com \ --cc=trond.myklebust@hammerspace.com \ --subject='Re: [PATCH] SUNRPC: Add a check for gss_release_msg' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).