That's not what they did and it's not what you did.
Conversation
Huge difference between stating that you think the study was unethical (I fully agree) and attacking students that weren't involved in it and who have engaged in making substantial good faith and usually helpful contributions as part of these efforts.
1
2
Criticizing the study for unethical human experimentation makes sense. Attacking these students and spreading misinformation in a misguided attempt to defend the kernel's reputation is worse than what the study actually did. Kernel maintainers did most of the harm themselves...
1
2
I think their unethical study demonstrated something important and useful. Maybe I'll fund similar work. Maybe we won't tell them we did it like they did in this study. If that's a problem, well, that's the point. It's clear to a lot of us it's unworkable, but to most it isn't.
1
1
"I should do that unethical thing those guys did" isn't helping me see you or your argument in a better light.
1
It's not a literal statement. It's an explanation of why this is a problem. Depending on trusting that everyone in the world won't do this is a problem. The study was unethical, not malicious. Plenty of people have malicious intent. Someone could do it simply as trolling...
2
It's a problem because the kernel is really complicated code written in a really unsafe language.
Making the problem harder doesn't help anyone.
"It's possible to submit malicious code to open source projects" isn't a revelation by any metric.
1
1
It being possible to submit code is a lot different than it being possible to land malicious code.
The kernel being entirely written in a very unsafe language is part of the problem. That doesn't imply being able to so easily succeed in landing vulnerabilities in a project.
1
1
s/submit/land doesn't make it a revelation either. Of course open source is effectively build upon trust. And it's worth noting that the patches that most recently re-awakened this subject were actually "caught" pretty quickly.
1
Again, they didn't submit these patches from university email addresses and you're continuing to engage in slandering students not involved in it. That's unethical behavior too. Spreading misinformation as misdirection, especially attacking innocent people, is not okay.
2
Definitely not widely accepted that by using open source software, you inherently trust any random person able to submit code to a mailing list from Gmail.
Pretty big difference between trusting the developers of a project and trusting anyone able to submit patches to it.
A lot of people make the outrageous claim that you don't even need to trust the developers of open source projects. A lot of value is attributed to it, along with stuff like reproducible builds.
So, you may not believe that, but it's definitely not a broad consensus at all.
I mean. What?
Yeah it is. No one sits and audits every line of code in ANY FOSS software they use, nor even the contributors list.
The top 5 contributors list here shows two major cohorts NOT from known institutions:
news.itsfoss.com/huawei-kernel-
2
You REALLY were somehow surprised by the revelation that tons of anonymous or near-anonymous contributors work on the Linux kernel?
REALLY?
GIF
read image description
ALT
1
1
Show replies