lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Apr 2021 19:16:10 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Doug Ledford <dledford@...hat.com>
Cc:     Jason Gunthorpe <jgg@...dia.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Aditya Pakki <pakki001@....edu>, Kangjie Lu <kjlu@....edu>,
        Qiushi Wu <wu000273@....edu>, x86@...nel.org,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        "Rafael J. Wysocki" <rjw@...ysocki.net>,
        Arnd Bergmann <arnd@...db.de>, David Airlie <airlied@...ux.ie>,
        Michael Turquette <mturquette@...libre.com>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        Bartosz Golaszewski <bgolaszewski@...libre.com>,
        Daniel Vetter <daniel@...ll.ch>,
        Jean Delvare <jdelvare@...e.com>,
        Guenter Roeck <linux@...ck-us.net>,
        Jiri Kosina <jikos@...nel.org>, Will Deacon <will@...nel.org>,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        Jakub Kicinski <kuba@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Johan Hovold <johan@...nel.org>,
        Jiri Slaby <jirislaby@...nel.org>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Johannes Berg <johannes@...solutions.net>,
        Takashi Iwai <tiwai@...e.com>
Subject: Re: [PATCH 000/190] Revertion of all of the umn.edu commits

On Thu, Apr 22, 2021 at 02:53:12PM -0400, Doug Ledford wrote:

> This all really sounds like a knee-jerk reaction to thier posting.  I
> have to say, I think it's the wrong reaction to have.

Agreed, however...

> Remember, these
> guys are the ones explaining how things can be done and exposing the
> tricks.

... these guys are the one who provide summarized stats (as opposed to
the raw data and experimental protocol) illustrating their thesis,
along with some advocacy towards their prefered "solutions".

> That puts them in the white-hat hacker camp, not the black-hat
> hacker camp.  You shouldn't be banning them, you should be listening to
> them and seeing if they found any constructive ways to improve and
> harden the maintenance process against these sorts of things.

I'm sorry, but what they are doing is no science - it's advocacy.
The data would certainly be useful - how the submission attempts
went, what correlated with successful ones - timing relative to -rc,
lists involved, etc.; I can think of a bunch of possible factors,
but there's no way to test any of that against their data.
Examining the threads around individual submissions would also be
interesting and might bring useful information.  Except that we
can't do that, since they have not even bothered to publish the
list of SHA1 of commits they got in, nevermind the Message-Id of
the relevant emails.

I don't like the circus with blanket reverts either, for a lot
of reasons.  And ethics questions aside, their raw data might
very well be worth looking into, but as for the trust in their
conclusions... I've seen xenobiology papers done better than
that.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ