| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Apr 2021 16:34:00 +0300
From: Leon Romanovsky <leon@...nel.org>
To: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
Cc: Trond Myklebust <trondmy@...merspace.com>,
"a.shelat@...theastern.edu" <a.shelat@...theastern.edu>,
"davem@...emloft.net" <davem@...emloft.net>,
"chuck.lever@...cle.com" <chuck.lever@...cle.com>,
"dwysocha@...hat.com" <dwysocha@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"kuba@...nel.org" <kuba@...nel.org>,
"sudipm.mukherjee@...il.com" <sudipm.mukherjee@...il.com>,
"bfields@...ldses.org" <bfields@...ldses.org>,
"anna.schumaker@...app.com" <anna.schumaker@...app.com>,
"pakki001@....edu" <pakki001@....edu>,
"linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
On Wed, Apr 21, 2021 at 03:21:15PM +0200, gregkh@...uxfoundation.org wrote:
> On Wed, Apr 21, 2021 at 01:11:03PM +0000, Trond Myklebust wrote:
> > On Wed, 2021-04-21 at 15:19 +0300, Leon Romanovsky wrote:
> > > On Wed, Apr 21, 2021 at 11:58:08AM +0000, Shelat, Abhi wrote:
> > > > > >
> > > > > > > > They introduce kernel bugs on purpose. Yesterday, I took a
> > > > > > > > look on 4
> > > > > > > > accepted patches from Aditya and 3 of them added various
> > > > > > > > severity security
> > > > > > > > "holes".
> > > > > > >
> > > > > > > All contributions by this group of people need to be
> > > > > > > reverted, if they
> > > > > > > have not been done so already, as what they are doing is
> > > > > > > intentional
> > > > > > > malicious behavior and is not acceptable and totally
> > > > > > > unethical. I'll
> > > > > > > look at it after lunch unless someone else wants to do it…
> > > > > >
> > > >
> > > > <snip>
> > > >
> > > > Academic research should NOT waste the time of a community.
> > > >
> > > > If you believe this behavior deserves an escalation, you can
> > > > contact the Institutional Review Board (irb@....edu) at UMN to
> > > > investigate whether this behavior was harmful; in particular,
> > > > whether the research activity had an appropriate IRB review, and
> > > > what safeguards prevent repeats in other communities.
> > >
> > > The huge advantage of being "community" is that we don't need to do
> > > all
> > > the above and waste our time to fill some bureaucratic forms with
> > > unclear
> > > timelines and results.
> > >
> > > Our solution to ignore all @umn.edu contributions is much more
> > > reliable
> > > to us who are suffering from these researchers.
> > >
> >
> > <shrug>That's an easy thing to sidestep by just shifting to using a
> > private email address.</shrug>
>
> If they just want to be jerks, yes. But they can't then use that type
> of "hiding" to get away with claiming it was done for a University
> research project as that's even more unethical than what they are doing
> now.
>
> > There really is no alternative for maintainers other than to always be
> > sceptical of patches submitted by people who are not known and trusted
> > members of the community, and to scrutinise those patches with more
> > care.
>
> Agreed, and when we notice things like this that were determined to be
> bad, we have the ability to easily go back and rip the changes out and
> we can slowly add them back if they are actually something we want to
> do.
>
> Which is what I just did:
> https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/
Greg,
Did you push your series to the public git? I would like to add you a
couple of reverts.
And do you have a list of not reverted commits? It will save us from
doing same comparison of reverted/not reverted over and over.
Thanks
>
> thanks,
>
> greg k-h
Powered by blists - more mailing lists