Re: umn.edu situation and its effects on stable/cip


Neal Caidin
 

A Linux Foundation colleague has offered to do an analysis for projects to assess the situation.

"I can run an analysis of ... source code looking for commits from the two PhDs who are currently known, and also look for any commits from an @umn.edu email address."

If this is of interest, I'll look into this offer further.

Please let me know.

Best,
Neal

Neal Caidin
Program Manager, Program Management & Operations
The Linux Foundation
+1 (919) 238-9104 (w/h)
+1 (919) 949-1861 (m)




On Fri, Apr 23, 2021 at 6:58 AM Pavel Machek <pavel@...> wrote:
Hi!

You may have noticed in the news something funny is going on with
umn.edu commits.

Researchers at umn.edu did 3 bad-faith patches to kernel, sent them
from gmail.com addresses, and tried to get them reviewed (but
prevented them from being merged):

https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

That somehow led to Greg trying to revert all patches from umn.edu:

https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

And indeed there are some patches that do not fix any problem in
mainline (I identified one during stable review), but I don't see
evidence they were done in bad faith.

This is developing news, discussed on linux-kernel and ksummit-discuss
mailing lists (at least), but it should not affect us till middle of
May, and in my view it is likely that impact will be minor in the end.

Best regards,
                                                                Pavel
--
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany



Join cip-dev@lists.cip-project.org to automatically receive all group messages.