I'd say that the time is long past when we should expect such bogus patches to 
appear in our most popular projects.

Some of these bogus patches might be very tricky and appear to be valid.

Let's all watch out.

Craig

> On Apr 21, 2021, at 8:16 AM, Shane Curcuru <a...@shanecurcuru.org> wrote:
> 
> For those who review new contributions in their projects, a reminder:
> there are rare cases where new contributors might be submitting junk:
> 
> 
> https://fosspost.org/researchers-secretly-tried-to-add-vulnerabilities-to-linux-kernel/
> 
> Researchers from University of Minnesota wrote a paper about
> purposefully submitting bogus patches or even potential vulnerabilities
> to the Linux kernel.  They got caught just this week - but I could
> imagine that some Apache projects are big enough to someday attract the
> same kind of "research".
> 
> -- 
> - Shane
>  ComDev PMC
>  The Apache Software Foundation
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
> 

Craig L Russell
c...@apache.org

