gkh vs umn, or: what IS human research, anyways? - GNU/Linux

Users browsing this thread: 1 Guest(s)
sth
Long time nixers
i'm sure this won't be the first place most people hear about this... some researchers are in hot water with the kernel team after being accused of intentionally submitting bad patches in some overwrought attempt to prove that kernel maintainers are... humans?

https://lore.kernel.org/linux-nfs/YH+7Zy...kroah.com/

UMN's response: https://cse.umn.edu/cs/statement-cse-lin...il-21-2021

there's a great breakdown of the whole situation on lwn.net if you're a subscriber - otherwise the mailing list thread is pretty clear as well.
-------
nvsbl.org
jkl
Long time nixers
According to various news, there had been malicious patches which were added to the Linux kernel with not much review, so at least the experiment was successful. If they hadn't written an article about how easy it is to add holes to the Linux kernel, they probably would have added even more security holes.

Long story short: it seems that the Bazaar model is broken by design and any system which is based on it is inherently unsafe and should be replaced by something less broken.
sth
Long time nixers
i'm not a linux apologist but i wonder if this really says anything specific about the kernel "team" that can't be more broadly applied to any open source project. i read a comment from someone that basically said: this is just a laborious way to prove that, given enough time and energy, malicious code can make it past review.
venam
Administrators
(21-04-2021, 10:20 PM)sth Wrote: Given enough time and energy, malicious code can make it past review.

Given enough time, money, and energy you can achieve anything.
s0kx
Members
Quote:we will have to report this, AGAIN, to your university

vs

Quote:We take this situation extremely seriously. We have immediately suspended this line of research.

Just a slight contradiction here don't you think? ;)
jkl
Long time nixers
(21-04-2021, 10:20 PM)sth Wrote: given enough time and energy, malicious code can make it past review.

I’m rather sure that other projects apply a more thorough review.