Comment by hpoe
4 years ago
It doesn't matter. I think this is totally appropriate. A group of students are submitting purposely buggy patches? It isn't the kernel team's job to sift through and distinguish; they come down and nuke the entire university. This sends a message to any other university thinking of a similar stunt: you try this bull hockey, you and your entire university are going to get caught in the blast radius.
In short "f** around, find out"
On the plus side, I guess they get a hell of a result for that research paper they were working on.
"We sought to probe vulnerabilities of the open-source public-development process, and our results include a methodology for getting an entire university's email domain banned from contributing."
Given the attitude of "the researchers" and an earlier paper [1] so far, somehow I doubt they will act in good faith this time.
For instance:
"D. Feedback of the Linux Community. We summarized our findings and suggestions, and reported them to the Linux community. Here we briefly present their feedback. First, the Linux community mentioned that they will not accept preventive patches and will fix code only when it goes wrong. They hope kernel hardening features like KASLR can mitigate impacts from unfixed vulnerabilities. Second, they believed that the great Linux community is built upon trust. That is, they aim to treat everyone equally and would not assume that some contributors might be malicious. Third, they mentioned that bug-introducing patches is a known problem in the community. They also admitted that the patch review is largely manual and may make mistakes. However, they would do their best to review the patches. Fourth, they stated that Linux and many companies are continually running bug-finding tools to prevent security bugs from hurting the world. Last, they mentioned that raising the awareness of the risks would be hard because the community is too large."
[1] https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.i...
That is just appalling. I'm glad these jokers used their real names; it will be easier to avoid them in the future.
Which will (hopefully) not be accepted by any reputable journal.
I seriously doubt this policy would have been adopted if other unrelated groups at the same university were submitting constructive patches.