Comment by ORioN63

4 years ago

It's not _the_ problem, but it's an actual problem. If you follow the thread, it seems they did manage to get a few approved:

https://lore.kernel.org/linux-nfs/YH%2F8jcoC1ffuksrf@kroah.c...

I agree this whole thing paints a really ugly picture, but it seems to validate the original concerns?

Even if those they did get approved were actual security holes (not benign decoys), all that it validates is no human is infallible. Well CONGRATULATIONS.

  • Right. And you would need a larger sample size to determine what % of the time that occurs, on average. But even then, is that useful and valid information? And is it actionable? (And if so, what is the cost of the action, and the opportunity cost of lost fixes in other areas?)

Open Source is not waterproof if a known committer from a well-known faculty (in this case the University of Minnesota) decides to send buggy patches. However, this was caught relatively quickly, but the behavior even after being caught is reprehensible:

> You, and your group, have publicly admitted to sending known-buggy patches to see how the kernel community would react to them, and published a paper based on that work.
>
> Now you submit a new series of obviously-incorrect patches again, so what am I supposed to think of such a thing?

That they kept doing it even after being caught is beyond understandable.