undefined | Better HN

0 pointsjovial_cavalier3mo ago0 comments

>No one likes being cheated out of work that they did, especially when a lot of it is volunteer work.

You know what would really be wasteful of volunteer hours? Instituting a policy whereby the community has to trawl through 20 years of commits from umn.edu addresses and manually review them for vulnerabilities even though you have no reasonable expectation that such commits are likely to contain malicious code and you're actually just butthurt. (they found nothing after weeks of doing this btw)

0 comments

dessimus3mo ago

But what if the next paper is about then about the bad patch they put in 15 years ago and it still hasn't been noticed? UMN has created a situation that now calls into question everything that has contributed by UMN in showing bad-faith in retroactively approving Lu's actions.

imtringued3mo ago

That professor just destroyed the ability to trust public institutions like universities to not be malicious actors. You can't restore that trust unless you comb through everything. If you just let them go, you now have to distrust every single university by default, which is even more expensive.

yjftsjthsd-h3mo ago

> even though you have no reasonable expectation that such commits are likely to contain malicious code and you're actually just butthurt

Other than the tiny bit where that's not true. An institution just demonstrated that they are willing to submit malicious code, and don't feel any need to tell you that they did so (even after the fact). It's perfectly reasonable to ask if they've done this before.