Linux Kernel Team Rejects University of Minnesota Researchers’ Apology
Freeman writes:
Last week, senior Linux kernel developer Greg Kroah-Hartman announced that all Linux patches coming from the University of Minnesota would be summarily rejected by default.
This policy change came as a result of three University of Minnesota researchers-Qiushi Wu, Kangjie Lu, and Aditya Pakki-embarking on a program to test the Linux kernel dev community's resistance to what the group called "Hypocrite Commits."
[...] The trio's scheme involved first finding three easy-to-fix, low-priority bugs in the Linux kernel and then fixing them-but fixing them in such a way as to complete what the UMN researchers called an "immature vulnerability":
[...] The three researchers would then email their Trojan-horse patches to Linux kernel maintainers to see if the maintainers detected the more serious problem the researchers had introduced in the course of fixing a minor bug. Once the maintainers responded to the submitted patch, the UMN researchers pointed out the bug introduced by their patch and offered a "proper" patch-one that did not introduce a newly exploitable condition-in its place.
Lu, Wu, and Pakki published their findings in February at the 42nd IEEE Symposium on Security and Privacy.
[...] Last week, in response to these "Hypocrite Commits," senior Linux kernel dev Greg Kroah-Hartman reverted 68 patches submitted by folks with umn.edu email addresses. Along with reverting these 68 existing patches, Kroah-Hartman announced a "default reject" policy for future patches coming from anyone with an @umn.edu address.
[...] This Saturday, the UMN research team apologized to the Linux community via an open letter posted to the Linux Kernel Mailing List. The nearly 800-word open letter comes across as more "wait, you don't understand" than apology:
[...] Kroah-Hartman acknowledged the letter Sunday but was clearly less than impressed:
Read more of this story at SoylentNews.