University banned by the community for deliberately injecting a bug into the Linux kernel



The University of Minnesota has been banned from contributing to Linux kernel development for sending a patch containing a known bug to the Linux kernel in order to write a paper on the vulnerability of open source software.

Linux bans University of Minnesota for sending buggy patches in the name of research [Update] --Neowin

https://www.neowin.net/news/linux-bans-university-of-minnesota-for-sending-buggy-patches-in-the-name-of-research/



The paper in question is entitled 'On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits.' The 'open source software' here means Linux, and the authors tried to introduce a use-after-free vulnerability.

The paper in question is below.

qiushiwu.github.io/OpenSourceInsecurity.pdf at main · QiushiWu / qiushiwu.github.io · GitHub
https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

Kernel maintainer Greg Kroah-Hartman said, 'Look at the code, this can't happen. Don't submit known invalid patches. Your professor uses a strange and wacky method to dissert. We are toying with the review process to make it happen. We waste our time, this is not allowed and must be reported to the university.'

Re: [PATCH] SUNRPC: Add a check for gss_release_msg --Greg KH
https://lore.kernel.org/linux-nfs/YH5%[email protected]/

In response, Aditya Pakki of the University of Minnesota said, 'Please stop the savage blame that is close to slander. These patches were sent as part of a static analyzer I created and the sensitivity is clear. I'm not good at it. I sent a patch in anticipation of feedback. I'm not a Linux kernel expert, so I'm tired of hearing these remarks. Obviously I'm wrong. You're prejudiced. Is too strong and makes unfounded claims that give us suspicion. Not sending any more patches is not only because they are unwelcome, but also intimidating to beginners and non-experts. Because it's a typical attitude.'

In response, Kroah-Hartman said, 'The Linux community does not appreciate being tested by known patch submissions that intentionally introduce bugs. If you want to, I recommend looking for another community for experimentation. I will do it.' He then notified the University of Minnesota of the ban, saying, 'Obviously dishonest patch submissions were made with the intention of causing problems, so we need to ban all posts from your university in the future and remove previous posts.'

Re: [PATCH] SUNRPC: Add a check for gss_release_msg --Greg KH
https://lore.kernel.org/linux-nfs/YH%2FfM%[email protected]/

As Kroah-Hartman declared, all patches introduced by the University of Minnesota have been removed and the code restored.



The University of Minnesota, under the joint names of Mats Heimdahl, Dean of the Department of Computer Science, and Loren Terveen, Deputy Dean of the Department of Computer Science, has issued a statement saying that it takes the situation seriously, that it will investigate the circumstances, such as whether the research method that raised concerns in the Linux kernel community was approved, and that it will report as soon as possible.

Statement from CS & E on Linux Kernel research --April 21, 2021 | Department of Computer Science and Engineering | College of Science and Engineering
https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021



in Software, Security, Posted by logc_nt