[GTALUG] Linus Torvalds Responds to Linux Banning University of Minnesota
Alvin Starr
alvin at netvel.net
Mon Apr 26 08:43:08 EDT 2021
On 2021-04-25 4:41 p.m., D. Hugh Redelmeier via talk wrote:
> | From: Alvin Starr via talk <talk at gtalug.org>
>
> | If the zdnet report is to be believed then There was at least one attempt to
> | insert code after being found out and asked to stop.
> |
> | https://www.zdnet.com/article/greg-kroah-hartman-bans-university-of-minnesota-from-linux-development-for-deliberately-buggy-patches/
>
> See:
> <https://lore.kernel.org/linux-nfs/20210407001658.2208535-1-pakki001@umn.edu/>
>
> I don't think that Steven J. Vaughan-Nichols' interpretation is
> correct (it seems to be GKH's). If you look at the email exchange in
> question, the "attempt to insert code" was an attempt to submit a real
> bug-fix, not an attempt to add a bug. But:
>
> - the fix was to a bug that didn't exist. Careful reading of the
> surrounding code shows that the problem addressed could not happen.
>
> - it is hard to understand leaks and non-leaks, so this submission
> only shows that Pakki is not yet a good kernel programmer.
>
> - it does not introduce a vulnerability
>
This is kind of getting into the weeds.
The offending paper that looks to describe what was done can be found at
https://github.com/QiushiWu/qiushiwu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
The paper appears to have been posted 3 months ago along with all the
other content in the site.
This would appear to predate the email thread where this all blew up.
On the other hand I am not sure how much to trust the github posting dates.
I think
https://davisjam.medium.com/ethical-conduct-in-cybersecurity-research-86d13b6b6eed
provides an eloquent description of the events and actions of most of
the actors involved.
--
Alvin Starr || land: (647)478-6285
Netvel Inc. || Cell: (416)806-0133
alvin at netvel.net ||
More information about the talk
mailing list