[GTALUG] Linus Torvalds Responds to Linux Banning University of Minnesota
Aruna Hewapathirane
aruna.hewapathirane at gmail.com
Sun Apr 25 13:44:35 EDT 2021
On Sun, Apr 25, 2021 at 11:32 AM D. Hugh Redelmeier via talk <talk at gtalug.org> wrote:
> | From: Aruna Hewapathirane via talk <talk at gtalug.org>
>
> Thanks for pointing this out. (I used to subscribe to the LKML but it
> just got too voluminous.)
>
Hello Hugh, I never subscribed. I just read it now and then :-)

> | I am still trying to understand the reason 'why' would anyone even want to
> | do this ?
>
> The first question is "what, exactly, is 'this'?".
>
> I've ONLY read media reports and their recent apology. So I'm not the
> most informed.
> <https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/T/#u>
>
> Some reactions.
>
> The apology starts with:
>
> "We sincerely apologize for any harm our research group did to the
> Linux kernel community."
>
> This common formulation rubs me the wrong way. The word "any" means
> that they are not actually admitting to there being harm. If they had used
> "the" or "all", I would interpret it as a genuine apology.
>
> Later they seem more contrite. But it is buried at the end of a
> paragraph, near the end of the message:
>
> "We apologize unconditionally for what we now recognize was a breach of
> the shared trust in the open source community and seek forgiveness for
> our missteps."
>
> I think that they may have done the communities a service. This kind
> of weakness injection has always been available to bad actors. In
> this case, it was an actor intending to do good.
>
> - they don't think that they actually added a vulnerability
>
> - they demonstrated how adding a vulnerability could be done
>
> GKH appears to have over-reacted. (I may be wrong: he's always seemed
> like a rock-steady guy.)
>
> He's reverting 190 commits that were not declared to be part of this
> experiment. It is claimed, in the apology, that those ones were done
> in good faith.
>
> I do find it odd that the "research" was done last August but that the
> hoax was only revealed recently.
>
> Looking more closely at a claim in the apology message:
>
> * This work did not introduce vulnerabilities into the Linux code. The
> three incorrect patches were discussed and stopped during exchanges in
> a Linux message board, and never committed to the code. We reported
> the findings and our conclusions (excluding the incorrect patches) of
> the work to the Linux community before paper submission, collected
> their feedback, and included them in the paper.
>
> What "message board"? Do they mean the Linux Kernel Mailing List (not
> a message board)?
>
> What does "stopped" actually mean? My understanding was that these
> changes were actually committed. Perhaps I'm wrong.
>
>
> This is intriguing:
>
> * We understand the desire of the community to gain access to and
> examine the three incorrect patches. Doing so would reveal the
> identity of members of the community who responded to these patches on
> the message board. Therefore, we are working to obtain their consent
> before revealing these patches.
>
> So there *must* be more disclosure. Until then, we cannot be
> satisfied.
>
I think the best person who is 'qualified' to answer these questions would
be Dhaval, as he has code in the kernel and is the current Software manager at Oracle.
Aruna ( Am thinking what have I started now ... )