Detection and speed of reversion of the update. Also how far down the tree they will go to prune out U of MN submissions.What are you testing by submitting bogus updates to a kernel though?
No. The only differences between a pentest and active attack/exploitation is that consent is given and the details afterwards are provided... neither of those were effectively happening in this case. Sometimes it might not be the direct owner/maintainer giving the consent, but someone up the food/management chain provides the ok and someone gets the report.Isn't this essentially what pen testing is? The only novel part of this guy's "experiment" is he didn't get explicit consent first.
Keyword there... "partner"I mean the principle itself isn't without merit as a thought exercise. But you're a massive fucking asshole because you think "well lets just use one of these massive open source projects because we can submit to them as much as we want!" Rather than any kind of controlled environment. Big tech would be interested in that result, maybe you could partner with them and fuck up one of their less important projects for some kind of data gathering.