2021-04-22, 20:46
I was reading the thread on the University of Minnesota and their unethical experiments with submitting broken or malicious patches to the Linux kernel, when I noticed that someone mentioned an article about the subject said they had done this to both Linux the kernel and to other open source projects. Unfortunately the article does not list these other open source projects and as it seems that this was part of an ongoing bit of research they have yet to report on which other projects they had begun to experiment on. So I wanted to bring this up to the developers here and would have posted the question in the developers' section but since it is clear that it is intended for programmers only and I am not one I didn't want to start out by stepping on any toes.
I would just like to ask if there is a way to check who contributed what from where and if a cursory check has been done to see if any bad actors might have slipped in? I understand this is a complex issue and it is unlikely to be as simple as simply checking for University of Minnesota .edu email addresses, especially since some of the patches reported originally were submitted under anonymous emails according to the original paper submitted on the experiments last year. But I would like to know if our developers are aware of the situation and if we are checking against it.
Thanks, and hopefully this is simply paranoia and nothing to be concerned about.