lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0497ed376578f8a6579d3e663a487c870675c9c7.camel@HansenPartnership.com>
Date: Tue, 14 Jan 2025 10:39:41 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Jan Kara <jack@...e.cz>, Dmitry Vyukov <dvyukov@...gle.com>
Cc: Kent Overstreet <kent.overstreet@...ux.dev>, Kun Hu
 <huk23@...udan.edu.cn>,  jlayton@...hat.com, tytso@....edu,
 adilger.kernel@...ger.ca, david@...morbit.com,  bfields@...hat.com,
 viro@...iv.linux.org.uk, christian.brauner@...ntu.com,  hch@....de,
 linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
 brauner@...nel.org, linux-bcachefs@...r.kernel.org,
 syzkaller@...glegroups.com
Subject: Re: Bug: INFO_ task hung in lock_two_nondirectories

On Tue, 2025-01-14 at 14:58 +0100, Jan Kara wrote:
> On Tue 14-01-25 10:07:03, Dmitry Vyukov wrote:
> > I also don't fully understand the value of "we also reported X bugs
> > to the upstream kernel" for research papers. There is little
> > correlation with the quality/novelty of research.
> 
> Since I was working in academia in the (distant) pass, let me share
> my (slightly educated) guess: In the paper you're supposed to show
> practical applicability and relevance of the improvement you propose.
> It doesn't have to be really useful but it has to sound useful enough
> to convince paper reviewer. I suppose in the fuzzer area this
> "practical applicability" part boils down how many bugs were
> reported...

It's not just that, as a recent reviewer for several Academic
Conferences, you always ask about the upstream status.  Chances are if
someone worked on open source but didn't send anything upstream that
was because there wasn't enough value to send.  However, when stuff
does go to upstream lists, you can at least look at what upstream made
of it as part of the review (the guilty confession would be this can be
done quite easily and does break supposedly blind reviews, but it is
very valuable).  Conferences now have open source badges and artifacts
to encourage this behaviour.  I'm afraid this now means that if you're
aiming at a Conference and you didn't send anything upstream you're
quite likely to get a rejection on that fact alone.

Regards,

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ