> I would still want this test to be performed, because I value kernel security above petty ideological concerns.
The biggest issue around this is consent. You can totally send an email saying "we're doing research on the security implications of the pull request process, can we send you a set of pull requests and you can give up approve/deny on each one?"
> If you remember the dire state of computer security in the early 2000s, remember that the solution was not throw all the hacker kids in jail.
You weren't there when Mirai caused havok due to thousands of insecure IoT devices getting pwned and turned into a botnet... and introducing more vulnerabilities is never the answer.
The biggest issue around this is consent. You can totally send an email saying "we're doing research on the security implications of the pull request process, can we send you a set of pull requests and you can give up approve/deny on each one?"
> If you remember the dire state of computer security in the early 2000s, remember that the solution was not throw all the hacker kids in jail.
You weren't there when Mirai caused havok due to thousands of insecure IoT devices getting pwned and turned into a botnet... and introducing more vulnerabilities is never the answer.