University of Minnesota, banned from the Linux community, publishes an open letter of apology saying 'We will strive to regain trust'

A research group at the University of Minnesota was found to have sent a patch containing a vulnerability to the Linux kernel for a paper entitled 'The possibility of secretly introducing a vulnerability into open source software by committing by a fake person'.

It has been banned by the Linux community.

The research group sent an open letter of apology for this.

An open letter to the Linux community --Kangjie Lu

The letter, dated April 24, 2021, apologizes for the inadequacy of the method used in the 'hypocrite commit' treatise.

The letter explains that the research was intended to improve the security of Linux and was not intended to cause harm or spread vulnerabilities, but that it was a mistake not to consult the community and obtain its permission before conducting the research.

It also explains that, of the patches submitted by the University of Minnesota so far, the three malicious patches that correspond to 'adding vulnerabilities' were not committed to the code as a result of discussion. The other patches, on the other hand, were submitted as part of other projects and as contributions to the community; they actually address bugs in the code and have nothing to do with the 'hypocrite commit' paper.

The letter says that it has learned some important lessons about collaborative research with the open source community, and notes that the University of Minnesota has been working on discovering and patching Linux vulnerabilities for the past five years. 'We should be able to do better, and I believe there are many things we can contribute to in the future. We will do our best to regain the trust of everyone,' the letter concludes.

In response to this letter, maintainer Greg Kroah-Hartman said, 'Thank you for your reply. As you know, The Linux Foundation and its technical advisory board sent a letter to your university on Friday (April 23) explaining the specific actions your group and your university need to take to restore confidence in the Linux kernel community. Until these measures are taken, there is nothing further to discuss on this issue. Thank you.'

Re: An open letter to the Linux community --Greg KH

Incidentally, the adoption of a research method that hurt the Linux community is itself regarded as a problem in this case, but the research review committee of the University of Minnesota is said to have decided that this method was not a problem.

in Software, Posted by logc_nt