| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Apr 2021 18:32:38 +0200 From: Volker Weißmann <volker.weissmann@....de> To: linux-kernel@...r.kernel.org Subject: University of Minnesota paper Hello, I would like to inform everyone here, that I just wrote the mail below to the authors of the paper (wu000273@....edu and kjlu@....edu). When I receive an answer, I will post the answer here. Mail that I sent (from my university mail address): Hello, I saw your paper [1 <https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf>] where you claimed that you proposed patches with vulnerabilities to test the review process. Can you prove that you just did this to test the review process and not to actually introduce vulnerabilities. Did you tell some trustful people in advance that you are doing this to test the linux reviewers? Did you gave a text that says that those patches have vulnerabilities to a notary and told him to publish those texts after a certain date? Did you publish a hash of a message that explains that those patches are vulnerable in advance? No offense, but proposing patches with vulnerabilities and then claiming (after they got rejected) that you just did it to test the reviewers sounds like a really lame excuse to hide something truly malicious. [1]: https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf <https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf> Greetings Volker Weißmann
Powered by blists - more mailing lists