From: Julia Lawall <julia.lawall@inria.fr>
To: Roland Dreier <roland@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
ksummit@lists.linux.dev
Subject: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches
Date: Wed, 21 Apr 2021 21:55:09 +0200 (CEST) [thread overview]
Message-ID: <alpine.DEB.2.22.394.2104212150230.20674@hadrien> (raw)
In-Reply-To: <CAG4TOxNOHRexUoKTo7ndViNtss0_BDeh4YCVHexvdQhQWF+vaw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2492 bytes --]
On Wed, 21 Apr 2021, Roland Dreier wrote:
> On Wed, Apr 21, 2021 at 12:22 PM Steven Rostedt <rostedt@goodmis.org> wrote:
> > I have no problem with taking a trivial patch if they are really fixing a
> > bug. I think what needs to be done here is look at the patches that got in
> > that were buggy, and see why they got in.
> >
> > Perhaps the answer is to scrutinize trivial patches more. To me, the only
> > "trivial" patch is a comment fix, or update to documentation. And even
> > then, I spend time reviewing it.
> >
> > If you don't have time to review a patch, then by all means, don't accept
> > it. Perhaps the answer is simply have a higher bar on what you do accept.
> >
> > There are a few people that I will accept patches from with out review. But
> > anyone else, I scrutinize the code before taking it in.
>
> I agree with this. And indeed to me perhaps what needs to be
> calibrated is our definition of a trivial patch.
>
> If someone sends a patch that changes "speling" to "spelling" in a
> comment, then I think that's fine to apply without much scrutiny. If
> someone sends a patch that changes reference counting on an error
> path, then that absolutely needs to be looked at to ensure
> correctness. There are enough people sending wrong patches without
> even thinking about malicious actors.
>
> I also think there does need to be a strong sanction against this UMN
> research group, since we need to make sure there are strong incentives
> against wasting everyone's time with stunts like this. Hopefully on
> the academic side it can be made clear that this is not ethical
> research - for example, why did IEEE think this was an acceptable
> paper?
The author's web page (https://www-users.cs.umn.edu/~kjlu/) says:
On the Feasibility of Stealthily Introducing Vulnerabilities in
Open-Source Software via Hypocrite Commits
Qiushi Wu, and Kangjie Lu.
To appear in Proceedings of the 42nd IEEE Symposium on Security and
Privacy (Oakland'21). Virtual conference, May 2021.
★ Note: The experiment did not introduce any bug or bug-introducing
commit into OSS. It demonstrated weaknesses in the patching process in a
safe way. No user was affected, and IRB exempt was issued. The experiment
actually fixed three real bugs. Please see the clarifications.
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
He's on the program committee of the conference for next year...
[I'm just providing information, not implying that I agree with it]
julia
next prev parent reply other threads:[~2021-04-21 19:55 UTC|newest]
Thread overview: 156+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-21 18:35 [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches James Bottomley
2021-04-21 18:46 ` Christian Borntraeger
2021-04-21 18:51 ` Alexey Dobriyan
2021-04-21 18:53 ` Christian Borntraeger
2021-04-21 19:06 ` Al Viro
2021-04-21 19:14 ` James Bottomley
2021-04-21 19:22 ` Steven Rostedt
2021-04-21 19:26 ` Kees Cook
2021-04-21 19:32 ` Roland Dreier
2021-04-21 19:55 ` Julia Lawall [this message]
2021-04-21 20:28 ` Stephen Hemminger
2021-04-21 20:37 ` Julia Lawall
2021-04-21 20:45 ` Steven Rostedt
2021-04-21 20:50 ` Julia Lawall
2021-04-21 21:03 ` Jiri Kosina
2021-04-21 21:37 ` James Morris
2021-04-22 7:34 ` Geert Uytterhoeven
2021-04-22 7:51 ` Mike Rapoport
2021-04-22 8:45 ` Christian Brauner
2021-04-22 15:27 ` Steven Rostedt
2021-04-22 9:39 ` Mauro Carvalho Chehab
2021-04-22 9:55 ` Mauro Carvalho Chehab
2021-04-22 12:01 ` Leon Romanovsky
2021-04-22 12:26 ` Mark Brown
2021-04-22 12:35 ` Leon Romanovsky
2021-04-22 12:52 ` Hans Verkuil
2021-04-22 13:33 ` Mauro Carvalho Chehab
2021-04-22 13:42 ` Leon Romanovsky
2021-04-22 12:18 ` Leon Romanovsky
2021-04-22 15:38 ` Shuah Khan
2021-04-23 9:06 ` Mauro Carvalho Chehab
2021-04-23 17:17 ` Leon Romanovsky
2021-04-23 22:41 ` Shuah Khan
2021-04-22 5:59 ` Christoph Hellwig
2021-04-22 6:28 ` Tomasz Figa
2021-04-22 7:05 ` Al Viro
2021-04-22 7:46 ` Al Viro
2021-04-22 7:06 ` H. Peter Anvin
2021-04-22 7:05 ` Jiri Kosina
2021-04-22 16:05 ` Roland Dreier
2021-04-22 16:24 ` Krzysztof Kozlowski
2021-04-22 18:03 ` Al Viro
2021-04-22 22:35 ` Thomas Gleixner
2021-04-22 22:53 ` Laurent Pinchart
2021-07-20 16:26 ` Kernel sustainability (was Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Daniel Vetter
2021-04-21 19:30 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Jiri Kosina
2021-04-21 20:28 ` Jiri Kosina
2021-04-21 22:18 ` Shuah Khan
2021-04-21 23:17 ` Guenter Roeck
2021-04-21 23:21 ` Shuah Khan
2021-04-21 19:47 ` Dan Carpenter
2021-04-22 9:34 ` Mauro Carvalho Chehab
2021-04-22 9:59 ` Johannes Berg
2021-04-22 10:52 ` Mauro Carvalho Chehab
2021-04-22 12:16 ` Mike Rapoport
2021-04-22 13:41 ` Mauro Carvalho Chehab
2021-04-22 20:15 ` Alexandre Belloni
2021-04-23 0:09 ` Randy Dunlap
2021-04-21 19:49 ` Alexandre Belloni
2021-04-22 2:05 ` Martin K. Petersen
2021-04-22 3:04 ` Joe Perches
2021-04-22 10:13 ` Mauro Carvalho Chehab
2021-04-22 12:07 ` Mark Brown
2021-04-22 16:42 ` Bart Van Assche
2021-04-22 17:58 ` Jiri Kosina
2021-04-22 4:21 ` Leon Romanovsky
2021-04-22 4:56 ` Al Viro
2021-04-22 5:52 ` Leon Romanovsky
2021-04-22 6:05 ` Christoph Hellwig
2021-04-22 6:03 ` Christoph Hellwig
2021-04-22 6:18 ` Leon Romanovsky
2021-04-22 9:20 ` Mauro Carvalho Chehab
2021-04-22 11:34 ` Leon Romanovsky
2021-04-22 13:22 ` Mark Brown
2021-04-22 13:47 ` Leon Romanovsky
2021-04-22 13:51 ` Mark Brown
2021-04-22 14:12 ` Mauro Carvalho Chehab
2021-04-22 14:51 ` Leon Romanovsky
2021-04-22 13:29 ` Steven Rostedt
2021-04-22 13:58 ` Leon Romanovsky
2021-04-22 14:20 ` Rob Herring
2021-04-23 6:04 ` Mauro Carvalho Chehab
2021-04-23 6:46 ` Joe Perches
2021-04-23 7:13 ` Mauro Carvalho Chehab
2021-04-23 7:20 ` [PATCH RFC] scripts: add a script for sending patches Mauro Carvalho Chehab
2021-04-23 7:20 ` Mauro Carvalho Chehab
2021-04-23 14:52 ` Better tools for sending patches (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Doug Anderson
2021-04-23 16:03 ` Mark Brown
2021-04-23 17:12 ` Leon Romanovsky
2021-04-26 23:50 ` Simon Glass
2021-04-22 12:53 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Konstantin Ryabitsev
2021-04-22 13:08 ` Leon Romanovsky
2021-04-22 13:27 ` Konstantin Ryabitsev
2021-04-22 13:41 ` Leon Romanovsky
2021-04-22 16:28 ` Serge E. Hallyn
2021-04-22 17:56 ` Leon Romanovsky
2021-04-22 18:05 ` backfilling threads with b4 (was: Re: [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches) Konstantin Ryabitsev
2021-04-22 18:51 ` Leon Romanovsky
2021-04-25 10:58 ` Leon Romanovsky
2021-04-23 7:19 ` [MAINTAINER SUMMIT] Rethinking the acceptance policy for "trivial" patches Greg KH
2021-04-23 7:31 ` Christian Brauner
2021-04-23 18:50 ` Konstantin Ryabitsev
2021-04-22 12:40 ` Mark Brown
2021-04-22 12:54 ` Mike Rapoport
2021-04-22 13:23 ` Mark Brown
2021-04-22 15:19 ` Steven Rostedt
2021-04-22 21:19 ` Thomas Gleixner
2021-04-22 21:36 ` Steven Rostedt
2021-04-22 22:39 ` Thomas Gleixner
2021-04-23 0:26 ` Joe Perches
2021-04-23 6:15 ` Greg KH
2021-04-23 6:50 ` Dan Williams
2021-04-23 7:13 ` Geert Uytterhoeven
2021-04-23 14:41 ` Shuah Khan
2021-04-23 9:12 ` Michal Hocko
2021-04-22 14:51 ` Laurent Pinchart
2021-04-22 15:14 ` Mike Rapoport
2021-04-22 15:17 ` Laurent Pinchart
2021-04-22 15:35 ` Al Viro
2021-04-22 15:32 ` Shuah Khan
2021-04-22 10:35 ` Mauro Carvalho Chehab
2021-04-22 11:03 ` Sudip Mukherjee
2021-04-22 14:00 ` Steven Rostedt
2021-04-22 14:07 ` Jiri Kosina
2021-04-22 15:31 ` Sudip Mukherjee
2021-04-22 21:33 ` Thomas Gleixner
2021-04-22 20:28 ` Andrew Morton
2021-04-22 20:46 ` Steven Rostedt
2021-04-22 12:32 ` Martin K. Petersen
2021-04-22 15:11 ` Laurent Pinchart
2021-04-22 15:28 ` James Bottomley
2021-04-22 15:35 ` Johannes Berg
2021-04-22 15:36 ` Mark Brown
2021-04-22 15:40 ` James Bottomley
2021-04-23 9:27 ` Dan Carpenter
2021-04-22 13:24 ` Konstantin Ryabitsev
2021-04-22 14:31 ` Mauro Carvalho Chehab
2021-04-22 15:34 ` Shuah Khan
2021-04-22 15:42 ` James Bottomley
2021-04-22 15:48 ` James Bottomley
2021-04-22 15:52 ` Steven Rostedt
2021-04-22 16:08 ` Shuah Khan
2021-04-22 16:13 ` Jan Kara
2021-04-22 17:04 ` Steven Rostedt
2021-04-22 17:08 ` Martin K. Petersen
2021-04-23 11:16 ` Jan Kara
2021-04-23 12:57 ` Mauro Carvalho Chehab
2021-04-23 7:58 ` Mauro Carvalho Chehab
2021-04-23 10:54 ` Greg KH
2021-04-23 17:09 ` Leon Romanovsky
2021-04-22 16:23 ` Konstantin Ryabitsev
2021-04-22 16:38 ` Bart Van Assche
2021-04-22 16:57 ` Leon Romanovsky
2021-04-22 18:03 ` Jiri Kosina
2021-04-22 21:26 ` Thomas Gleixner
2021-04-22 21:36 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.22.394.2104212150230.20674@hadrien \
--to=julia.lawall@inria.fr \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ksummit@lists.linux.dev \
--cc=roland@kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.