"actually c is fine if you just never make any mistakes" Actually chris the developers of the god damn linux kernel are not even this superhuman so i seriously doubt you are
I feel like I would have been tricked by this regardless of the programming language literally just on the basis of the authority of "affiliated with the university of minnesota"
yeah this is mostly that they sent a bunch of patches claiming to be fixing issues found by static analysis tools, implying that they knew what they were doing, and coming from a reasonably trustworthy source
--> the patches got fairly little review
I've glanced through their paper and I don't see them accounting for or even mentioning the bias that would exist when you submit patches from a university vs., say, an individual account.
They didn't submit them that way. You're confusing the good faith patches that are being reverted from the university with the ones submitted from sockpuppet email addresses for the experiment using Gmail.
Are you sure? This patch doesn't seem to be very "good faith" (though it's possible I'm missing something here?).
lore.kernel.org/linux-nfs/YH5%
They've been regularly involved in submitting fixes based on static analysis. Not all of those patches are correct. Tools have many false positives and the students make mistakes. Do you have any evidence that this has to do with the study, which seemed to use gmail addresses?
I based my original reply in this thread, here someone claims that the patch set I linked above (from a uni email) is part of the paper: lore.kernel.org/linux-nfs/YH+z
You're right that they may be innocent patches, I've read a few threads about that since leaving my comment here...
in this case the patch doesn't line up with the description at all. It's hard to believe it's a good faith patch.
They're students trying to silence errors from static analysis. It's a reach to claim that it's not in good faith because it's clearly wrong. They aren't experienced Linux kernel or probably even C developers. Many of the fixes they've submitted are still useful and correct.
If the Linux kernel cannot cope with that because it's too hard to review C code and determine if it's introducing a vulnerability or fixing one, then that's a serious problem.
The study they did wasn't ethical but it wasn't malicious. They intended to stop the mistakes landing.
It's also completely wrong to frame it as if all the work done by the university was part of that small study.
They didn't submit a bunch of patches as part of it.
People are confusing the static analysis work with their attempt at demonstrating the review is flawed.
Sure, you may well be correct here, however given the circumstances I think a certain level of cynicism is a good thing. You've jumped very quickly to fight this position which I never claimed to hold? My comment is based on 5 minutes of reading, nothing more.
It's naive to claim that all their patches are in good faith, e.g. this one, but then we get into arguing if it's justified to ban the university, and frankly I don't have a hat in that ring. I don't feel strongly either way.