I am a Linux kernel contributor and a security researcher.
Will the Linux Kernel team ban me if I too attempt to test the ability of the code review process to catch malicious commits?
Good luck figuring out which pseudonyms are mine.
@lrvick The issue is real but they completely fucked up the execution of the test. The number one thing to do is get approval for testing, which they didn't. They could've worked with the maintainers but chose not to. They totally deserved what they got.
@nob0dy Get approval from who? The actual people that sign off on the commits?
Meanwhile anyone can still submit code anonymously and do this again, only this time for a state actor.
The university exposed a massive process flaw that banning emails from a particular EDU won't fix.
@nob0dy I committed anonymously to the kernel. If someone coerced me I could do it again, only this time I could be asked to slip in something extra.
How will they catch me? Clearly the review process is not sufficient.
The security researchers proved a point very successfully.