gkh vs umn, or: what IS human research, anyways? - GNU/Linux

Users browsing this thread: 1 Guest(s)
Long time nixers
i'm sure this won't be the first place most people hear about this... some researchers are in hot water with the kernel team after being accused of intentionally submitting bad patches in some overwrought attempt to prove that kernel maintainers are... humans?


UMN's response: https://cse.umn.edu/cs/statement-cse-lin...il-21-2021

there's a great breakdown of the whole situation on lwn.net if you're a subscriber - otherwise the mailing list thread is pretty clear as well.
Long time nixers
According to various news, there had been malicious patches which were added to the Linux kernel with not much review, so at least the experiment was successful. If they hadn't written an article about how easy it is to add holes to the Linux kernel, they probably would have added even more security holes.

Long story short: it seems that the Bazaar model is broken by design and any system which is based on it is inherently unsafe and should be replaced by something less broken.
Long time nixers
i'm not a linux apologist but i wonder if this really says anything specific about the kernel "team" that can't be more broadly applied to any open source project. i read a comment from someone that basically said: this is just a laborious way to prove that, given enough time and energy, malicious code can make it past review.
(21-04-2021, 10:20 PM)sth Wrote: Given enough time and energy, malicious code can make it past review.

Given enough time, money, and energy you can achieve anything.
Quote:we will have to report this, AGAIN, to your university


Quote:We take this situation extremely seriously. We have immediately suspended this line of research.

Just a slight contradiction here don't you think? ;)
Long time nixers
(21-04-2021, 10:20 PM)sth Wrote: given enough time and energy, malicious code can make it past review.

I’m rather sure that other projects apply a more thorough review.