Re: Report on University of Minnesota Breach-of-Trust Incident
From: Pavel Machek
Date: Thu May 06 2021 - 17:40:15 EST
> > # Commits from @umn.edu addresses have been found to be submitted in "bad
> > # faith" to try to test the kernel community's ability to review "known
> > # malicious" changes.
> I would agree that the phrasing here is sub-optimal in that it could
> more clearly separate a few related things (e.g. "malicious change" vs
> "valid fix"). If I were writing this, I would have said something along
> the lines of:
> Commits from UMN authors have been found to be submitted with intentional
> flaws to try to test the kernel community's ability to review "known
> malicious" changes. ...
> During review of all submissions, some patches were found to be
> unintentionally flawed. ...
> Out of an abundance of caution all submissions from this group must be
> reverted from the tree and will need to be re-reviewed again. ...
> > UMN apologized. Our reaction to their apology was:
> > https://lore.kernel.org/lkml/YIV+pLR0nt94q0xQ@xxxxxxxxx/#t
> > Do we owe them apology, too?
> I will defer to Greg on what he thinks his duties are there, but in
> trying to figure out who "we" is, I'll just point out that I attempted
> to clarify the incorrect assumptions about the intent of historical UMN
> patches, and spoke for the entire TAB (Greg included) here:
> The report repeated this in several places, and we explained our need
> for due diligence.
Well, in https://lore.kernel.org/lkml/YIV+pLR0nt94q0xQ@xxxxxxxxx/#t
"Until those actions are taken, we do not have anything further to
discuss about this issue."
I'm not sure on behalf of whom he is speaking in the email (and I
believe he is unnecessarily harsh with them).
I could reply to that saying "hey, Greg is probably speaking only for
himself there, he certainly can't speak for the whole Linux community",
but I believe it would be better if TAB did that.