University of Minnesota paper

From: Volker Weißmann
Date: Thu Apr 22 2021 - 12:32:42 EST

Next message: Mathieu Poirier: "Re: [PATCH v2 5/7] rpmsg: char: Introduce a rpmsg driver for the rpmsg char device"
Previous message: Randy Dunlap: "Re: [PATCH] Input: rework USB Kconfig dependencies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I would like to inform everyone here, that I just wrote the mail below
to the authors of the paper (wu000273@xxxxxxx and kjlu@xxxxxxx).

When I receive an answer, I will post the answer here.

Mail that I sent (from my university mail address):

Hello,

I saw your paper [1
<https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf>]
where you claimed that you proposed patches with vulnerabilities to test
the review process.
Can you prove that you just did this to test the review process and not
to actually introduce vulnerabilities.

Did you tell some trustful people in advance that you are doing this to
test the linux reviewers?
Did you gave a text that says that those patches have vulnerabilities to
a notary and told him to publish those texts after a certain date?
Did you publish a hash of a message that explains that those patches are
vulnerable in advance?

No offense, but proposing patches with vulnerabilities and then claiming
(after they got rejected) that you just did it to test the reviewers
sounds like a really lame excuse to hide something truly malicious.

[1]:
https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf
<https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf>

Greetings

Volker Weißmann

Next message: Mathieu Poirier: "Re: [PATCH v2 5/7] rpmsg: char: Introduce a rpmsg driver for the rpmsg char device"
Previous message: Randy Dunlap: "Re: [PATCH] Input: rework USB Kconfig dependencies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]