Hacker News
by arp242 1187 days ago
Ignoring trust issues (NK inserting a backdoor), I'd say clean bugfixes should probably be accepted.

My main point was to nuance the absolutist "code and science should be separate". I don't know enough about this code to make a judgement one way or the other: as I understand the commit message it's a cleanup as a prelude to GMAC and X-GMAC SoC support. Maybe the code is badly in need of some cleanup, or maybe it's essentially just fine and there is no reason to merge any of this beyond supporting those SoCs.

1 comments

> Ignoring trust issues (NK inserting a backdoor)

For another option, is it possible that patching a legitimate bug could open up a line of attack in an otherwise unrelated piece of code that the bug was somehow blocking? If it is, even legitimate, verified bug fixes, or even bug reports, from non-trusted sources, should be carefully vetted.

They did end up banning all of the University of Minnesota over trust issues. Everything should be carefully vetted, sure, but it's always possible something gets missed; a good backdoor is indistinguishable from a bug, and those definitely end up getting merged. Any merge is a "risk", so to speak. It's a matter of risk management: a patch from Greg Kroah-Hartman is very unlikely to contain an intentional backdoor and a patch from Kim Jong-un is more likely to contain one, and with lots of shades in between those two extremes.
Worse, you can be quite sure that a patch or series of patches from "Kim Jong-un" will introduce a bug (or rather a well-hidden corner case) leading to a backdoor. It can be assumed that there's a hidden incentive behind the patches.