Comment by duxup
4 years ago
>It sends a strong message
At a cost to mostly people who didn't / and I'll even say wouldn't do the bad thing.
4 years ago
>It sends a strong message
At a cost to mostly people who didn't / and I'll even say wouldn't do the bad thing.
I understand the point that you are making, but you have to look at it from the optics of the maintainer. The email made it clear that they submitted an official complaint to the ethics board and they didn't do anything. In that spirit it effectively means that any patch coming from that university could be vulnerability injection misrepresented as legitimate patches.
The Linux kernel has limited resources and if one university lack of oversight is causing the whole process to be stretched tinner than it already is then a ban seems like a valid solution.
@denvercoder9 had a good comment that might assuage your concern:
> It's not a ban on people, it's a ban on the institution that has demonstrated they can't be trusted to act in good faith. If people affilated with the UMN want to contribute to the Linux kernel, they can still do that on a personal title. They just can't do it as part of UMN research, but given that UMN has demonstrated they don't have safeguards to prevent bad faith research, that seems reasonable.
In this case, the cost is justified. The potential cost of kernel vulnerabilities is extremely high, and in some cases cause irrecoverable harm.
If that cost is high, why are they accepting and rejecting code based on email addresses?
https://twitter.com/FiloSottile/status/1384883910039986179
(Clearly the academic behavior is also a problem, there's no good justification for asking for reviews of known bad patches)