Comment by notdang
4 years ago
The main issue here is that it wastes the time of the reviewers and they did not address it in their reply.
4 years ago
> The main issue here is that it wastes the time of the reviewers and they did not address it in their reply.
To help clarify for purposes of continuing the discussion, the original research did address the issue of minimizing the time of the reviewers [1] [2]. Seems the maintainers were OK with that, as no actions were taken other than an implied request to stop that kind of research.
Now a different researcher from UMN, Aditya Pakki, has submitted a patch which contains bugs that seems to be attempting to do the same type of pen testing, although the PhD student denied it.
1. Section IV.A of the paper, as pointed out by user MzxgckZtNqX5i in this comment:
> Honoring maintainer efforts. The OSS communities are understaffed, and maintainers are mainly volunteers. We respect OSS volunteers and honor their efforts. Unfortunately, this experiment will take certain time of maintainers in reviewing the patches. To minimize the efforts, (1) we make the minor patches as simple as possible (all of the three patches are less than 5 lines of code changes); (2) we find three real minor issues (i.e., missing an error message, a memory leak, and a refcount bug), and our patches will ultimately contribute to fixing them.
2. Clarifications on the “hypocrite commit” work (FAQ)
karsinkk
4 years ago
Agreed. This feels more like an involuntary social experiment and it just uses up the Kernel maintainers' bandwidth. Reviewing code is difficult, even more so when the committer is set out to introduce bad code in the first place.