I mean. What?
Yeah it is. No one sits and audits every line of code in ANY FOSS software they use, nor even the contributors list.
The top 5 contributors list here shows two major cohorts NOT from known institutions:
news.itsfoss.com/huawei-kernel-
Conversation
You REALLY were somehow surprised by the revelation that tons of anonymous or near-anonymous contributors work on the Linux kernel?
REALLY?
GIF
read image description
ALT
1
1
You're simply continuing to make disingenuous arguments. I never said anything of the kind.
I'm well aware of the serious systemic security issues of the Linux kernel, which go way beyond an unsafe language and very lax code review. I really don't need you to explain it to me.
1
1
Why are you clutching pearls over the results of the UMN study, then?
1
Clutching pearls? What? I'm simply explaining that to many people, the findings of the study are far from obvious. It was obvious to me, and clearly to you, but it isn't to many people. Scientific studies demonstrating something some people think is obvious aren't useless.
2
1
A thing that's obvious to the bulk of people within a community and not obvious to people outside that community is obvious enough not to warrant and unethically administered study to publicizing it. Especially when the study inherently impedes the meaningful work being done.
1
The 4 or so patches they submitted as part of the study hardly wasted much time.
The vast majority of the time being wasted and the harm being done is because of kernel maintainers exaggerating what happened, spreading misinformation and attempting collective punishments for it.
2
Okay, and?
The root CAUSE is still the unethical study.
Linux kernel maintainers are, imo, doing the right thing giving UMN the stink-eye, based on the org's past history.
1
1
You may think it's justified, but it doesn't change that they're spreading misinformation, being dishonest and harming the reputation of the project.
An unethical study doesn't justify further and more drastic unethical behavior. Their ~4 test patches hardly caused actual harm.
2
1
"This patch looks like the nonsense UMN tried to land before" isn't spreading misinformation, though.
And it's not dishonest, if the patch isn't up to snuff (which apparently the few recent ones weren't).
And auditing work coming from UMN after UMN was naughty isn't unethical.
2
It is nonsense. They didn't submit those patches from university email addresses. It doesn't look like them. The behavior isn't the same, since in each of those threads they quickly questioned why the patch had been approved.
That's also not the extent of what is being done.
So you're saying they should trust patches from UMN addresses now because the unethical-originated patches were submitted using disguised addresses????
1
They never did anything maliciously and didn't cause more harm than wasting a tiny amount of time. The patches should be judged on their merits, like anything else.
They could simply start submitting their ongoing patches from Gmail addresses to bypass collective punishments.
1
Show replies