Re: Report on University of Minnesota Breach-of-Trust Incident

From: Pavel Machek
Date: Thu May 06 2021 - 17:40:15 EST


> > # Commits from addresses have been found to be submitted in "bad
> > # faith" to try to test the kernel community's ability to review "known
> > # malicious" changes.
> I would agree that the phrasing here is sub-optimal in that it could
> more clearly separate a few related things (e.g. "malicious change" vs
> "valid fix"). If I were writing this, I would have said something along
> the lines of:
> Commits from UMN authors have been found to be submitted with intentional
> flaws to try to test the kernel community's ability to review "known
> malicious" changes. ...
> During review of all submissions, some patches were found to be
> unintentionally flawed. ...
> Out of an abundance of caution all submissions from this group must be
> reverted from the tree and will need to be re-reviewed again. ...

Thank you.

> > UMN apologized. Our reaction to their apology was:
> >
> >
> >
> > Do we owe them apology, too?
> I will defer to Greg on what he thinks his duties are there, but in
> trying to figure out who "we" is, I'll just point out that I attempted
> to clarify the incorrect assumptions about the intent of historical UMN
> patches, and spoke for the entire TAB (Greg included) here:
> The report repeated this in several places, and we explained our need
> for due diligence.

Well, in
Greg says:

"Until those actions are taken, we do not have anything further to
discuss about this issue."

I'm not sure on behalf of whom he is speaking in the email (and I
believe he is unnecessarily harsh with them).

I could reply to that saying "hey, Greg is probably speaking only for
himself there, he certainly can't speak for the whole Linux community",
but I believe it would be better if TAB did that.

Best regards,
