I mean. What?
Yeah it is. No one sits and audits every line of code in ANY FOSS software they use, nor even the contributors list.
The top 5 contributors list here shows two major cohorts NOT from known institutions:
news.itsfoss.com/huawei-kernel-
Conversation
You REALLY were somehow surprised by the revelation that tons of anonymous or near-anonymous contributors work on the Linux kernel?
REALLY?
GIF
read image description
ALT
1
1
You're simply continuing to make disingenuous arguments. I never said anything of the kind.
I'm well aware of the serious systemic security issues of the Linux kernel, which go way beyond an unsafe language and very lax code review. I really don't need you to explain it to me.
1
1
Why are you clutching pearls over the results of the UMN study, then?
1
Clutching pearls? What? I'm simply explaining that to many people, the findings of the study are far from obvious. It was obvious to me, and clearly to you, but it isn't to many people. Scientific studies demonstrating something some people think is obvious aren't useless.
2
1
They could have found a way to do this kind of study in an ethical way, and I don't think it would be useless.
Some projects have stricter code review, safer languages / architectures, etc. Some don't take public patches (SQLite). It's not universally the same situation at all.
1
Sure, but those projects operate at a *vastly* different scale both in terms of contributers AND users, than does the linux kernel.
1
1
(Also I'm pretty sure I don't agree with your first remark at all)
1
The scale of the Linux kernel is an architectural choice and is an approach promoted by the people in charge of the development process as superior to the alternative of dividing it up into isolated components. They don't even want out-of-tree code to exist at all. Their choice.
2
They believe that C is the best choice of a language, a monolithic kernel is best architecture and everything being in the same Git repository is the best approach to development. As long as that's true, then there's certainly a reason to demonstrate that this is unworkable.