
Linux Foundation bans University after it intentionally submits "nonsense" patches

The Linux community won't be experimented with


The University of Minnesota has been banned from making contributions to the mainline Linux Kernel after intentionally submitting numerous questionable patches and experimenting on the Linux Kernel's developers. This news was first reported by the Linux-focused website Phoronix.

Greg Kroah-Hartman, the fellow of the Linux Foundation responsible for maintaining the Linux Kernel's -stable branch, banned the university after uncovering a series of "nonsense patches" and code changes that "are obviously not even fixing anything at all". The University had also released a paper on "the feasibility of stealthily introducing vulnerabilities in Open-Source Software via Hypocrite Commits", in which it intentionally tried to introduce bugs into the kernel.

Greg recently wrote the following in response to a member of the University of Minnesota:


You, and your group, have publicly admitted to sending known-buggy patches to see how the kernel community would react to them, and published a paper based on that work.

Now you submit a new series of obviously-incorrect patches again, so what am I supposed to think of such a thing?

They obviously were _NOT_ created by a static analysis tool that is of any intelligence, as they all are the result of totally different patterns, and all of which are obviously not even fixing anything at all. So what am I supposed to think here, other than that you and your group are continuing to experiment on the kernel community developers by sending such nonsense patches?

When submitting patches created by a tool, everyone who does so submits them with wording like "found by tool XXX, we are not sure if this is correct or not, please advise." which is NOT what you did here at all. You were not asking for help, you were claiming that these were legitimate fixes, which you KNEW to be incorrect.

A few minutes with anyone with the semblance of knowledge of C can see that your submissions do NOT do anything at all, so to think that a tool created them, and then that you thought they were a valid "fix" is totally negligent on your part, not ours. You are the one at fault, it is not our job to be the test subjects of a tool you create.

Our community welcomes developers who wish to help and enhance Linux. That is NOT what you are attempting to do here, so please do not try to frame it that way.

Our community does not appreciate being experimented on, and being "tested" by submitting known patches that are either do nothing on purpose, or introduce bugs on purpose. If you wish to do work like this, I suggest you find a different community to run your experiments on, you are not welcome here.

Because of this, I will now have to ban all future contributions from your University and rip out your previous contributions, as they were obviously submitted in bad-faith with the intent to cause problems.


Following the University's actions, members of the University are no longer welcome to contribute to the ongoing development of the Linux kernel, as the institution has shown itself to be untrustworthy. Not only has the university wasted the time of Linux kernel developers, but they have also intentionally tried to undermine their efforts. 

Recently, the University of Minnesota has released a statement that claims that the institution is taking this situation "extremely seriously", and that they have "immediately suspended" their questionable lines of research and will take "appropriate remedial action". 




You can join the discussion on the Linux Foundation banning the University of Minnesota from future kernel contributions on the OC3D Forums.   


Most Recent Comments

23-04-2021, 13:38:43

looz
Honestly their hypothesis of contributing malicious code to open source projects and seeing if it sticks is worth exploring, but the way they behaved was incredibly poor. I think it's even likely that malicious patches have been merged to major open source projects.


Also:
> I respectfully ask you to cease and desist from making wild accusations
> that are bordering on slander.

LOL

23-04-2021, 13:57:00

NeverBackDown
I'm glad Linux as a whole put their foot down and made an example out of them. You could very easily make your own fork and try things yourself, not introduce experiments to the production branch.

23-04-2021, 13:58:03

looz
Quote:
Originally Posted by NeverBackDown
You could very easily make your own fork and try things yourself, not introduce experiments to the production branch.

That's irrelevant when it comes to researching supply chain attacks.

23-04-2021, 14:04:47

WYP
Quote:
Originally Posted by looz
Honestly their hypothesis of contributing malicious code to open source projects and seeing if it sticks is worth exploring, but the way they behaved was incredibly poor. I think it's even likely that malicious patches have been merged to major open source projects.


Also:
> I respectfully ask you to cease and desist from making wild accusations
> that are bordering on slander.

LOL
It is an interesting thing to explore. But from the other side, they are intentionally trying to ruin projects and are wasting the time and effort of developers.

If I were an open-source developer affected by that, I'd cut that group off and label them as a bunch of actively unhelpful idiots as well. While the research is worth exploring, they deserve what they got. IMHO

23-04-2021, 14:07:55

looz
Quote:
Originally Posted by WYP
It is an interesting thing to explore. But from the other side, they are intentionally trying to ruin projects and are wasting the time and effort of developers.

If I were an open-source developer affected by that, I'd cut that group off and label them as a bunch of actively unhelpful idiots as well. While the research is worth exploring, they deserve what they got. IMHO
Yep, no questions about the decision to cut them off - completely warranted. And they're completely unreasonable, they should assist in fixing the mess they've created instead of calling it slander.

But the supply chain of something like the Linux kernel needs to be scrutinized, the fact that some of the garbage patches were mainlined is worrying.