Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp3309pxy; Wed, 21 Apr 2021 16:38:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzy7MwlFKsgSrhvigpxBevPxN7MQgvEH8H9CeSYzLc3RwI0CKnbutc/WDAEL4L6IUffnLyh X-Received: by 2002:a17:906:478c:: with SMTP id cw12mr338178ejc.5.1619048322091; Wed, 21 Apr 2021 16:38:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619048322; cv=none; d=google.com; s=arc-20160816; b=B1gAZjDH4DiskOA51o+Hmfsnq8bOYw1tgu8w9LbbfO8xEpByyAAVPdcWckJwVFE3hw b36IsQSwPa73YI+O3kx+f0c/azcoSBhF3uNqtXHjeWz84zdergFjPtNRXzv23LXuP4J4 /+BVj+zdVK2pE4e/yMv1mfTQYiK8D8mxd/hQKnM3w0KtEKhsBF6yq8HfbtoK42bUglvL 1w/RJVioqqB7DMTAJDwkiYcqa0IH8e1NusAdQAhWu0qW+1QWPHMIW7Up9ikrAmvhb/AN N/iOp/ahdMc8/R8BFGCAkPKmlWb5qW+5oQhUMhN/KeY1R44U16EmDAAMQILzMyz+oNJY pbbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=2yeUFhxeUo7iH/P4SoEEkfCVFk6cEPasp6Lj+MrkWDo=; b=xRmGONKJvzMSklx0GxKXC3jQzauMBAbOq8M31lqNu12dpM+cKx/wWDEA0cnf1qCYSR 9ba+OtbEhkGYfUKIgd29N2kNEaMaTMcS9JAD8ClGPhdufyZ74hzwEHcTfMMNnjFR3OpO 207U8N9IlCyn+h4tdFyhJHQIwl+mfy7GoTIgf2OLKPELMo3CBy/c3ue9dMFIQneGqWiT ujv4ZVC4LkeltJiTxgNDMDChDzBEnY/zyo2MH2+iDF/F5Xa3kq/R+nETr7q3kD/oU3Wp ofHiX4KH/uZyWzbChex85REGZxkdnPbQfYSKMND91zmtO6zUo7PK/52UwwsKxHoAWjJH KCKQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h18si747159eds.422.2021.04.21.16.38.05; Wed, 21 Apr 2021 16:38:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240602AbhDUPtk (ORCPT + 99 others); Wed, 21 Apr 2021 11:49:40 -0400 Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:49119 "EHLO outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S235162AbhDUPtk (ORCPT ); Wed, 21 Apr 2021 11:49:40 -0400 Received: from cwcc.thunk.org (pool-72-74-133-215.bstnma.fios.verizon.net [72.74.133.215]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 13LFml82005907 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 21 Apr 2021 11:48:47 -0400 Received: by cwcc.thunk.org (Postfix, from userid 15806) id 021AA15C3B0D; Wed, 21 Apr 2021 11:48:46 -0400 (EDT) Date: Wed, 21 Apr 2021 11:48:46 -0400 From: "Theodore Ts'o" To: Leon Romanovsky Cc: Anna Schumaker , "J. Bruce Fields" , Greg KH , Aditya Pakki , Chuck Lever , Trond Myklebust , "David S. Miller" , Jakub Kicinski , Dave Wysochanski , Linux NFS Mailing List , netdev@vger.kernel.org, Linux Kernel Mailing List Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg Message-ID: References: <20210407001658.2208535-1-pakki001@umn.edu> <20210420171008.GB4017@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Apr 21, 2021 at 05:15:26PM +0300, Leon Romanovsky wrote: > > This thread is the first I'm hearing about this. I wonder if there is > > a good way of alerting the entire kernel community (including those > > only subscribed to subsystem mailing lists) about what's going on? It > > seems like useful information to have to push back against these > > patches. > > IMHO, kernel users ML is good enough for that. The problem is that LKML is too high traffic for a lot of people to want to follow. There are some people who have used the kernel summit discuss list (previously ksummit-discuss@lists.linux-foundation.org, now ksummit@lists.linux.dev) as a place where most maintainers tend to be subscribed, although that's not really a guarantee, either. (Speaking of which, how to handle groups who submit patches in bad faith a good Maintainer Summit topic for someone to propose...) To give the devil his due, Prof. Kangjie Lu has reported legitimate security issues in the past (CVE-2016-4482, an information leak from the kernel stack in the core USB layer, and CVE-2016-4485, an information leak in the 802.2 networking code), and if one looks at his CV, he has a quite a few papers in the security area to his name. The problem is that Prof. Lu and his team seem to be unrepentant, and has some very... skewed... ideas over what is considered ethical, and acceptable behavior vis-a-vis the Kernel development community. The fact that the UMN IRB team believes that what Prof. Lu is doing isn't considered in scope for human experimentation means that there isn't any kind of institutional controls at UMN for this sort of behavior --- which is why a University-wide Ban may be the only right answer, unfortunately. - Ted