A group from the University of Minnesota have come in for a tongue-lashing from the normally mild-mannered Linux developer Greg Kroah-Hartman, the maintainer of the stable kernel.
Kroah-Hartman blew up after the group submitted patches to the kernel which were known to be buggy.
He said in a post addressed to Aditya Pakki at the university that he, and his group, had sent the buggy patches to see how the kernel community would react, and put out a paper based on that.
The university has now reacted by saying that it has suspended this line of research.
Linux kernel developers do not like being experimented on, we have enough real work to do: https://t.co/vWvtxjt7A5
— Greg K-H (@gregkh) April 21, 2021
The university’s Qiushi Wu and Kangjie Lu published the paper in question, which is titled “On the feasibility of stealthily introducing vulnerabilities in open-source software via hypocrite commits”.
It claimed to explore the possibility of stealthily introducing vulnerabilities in open-source software, in this case the Linux kernel.
In one email addressed to Pakki, who had made several claims about a patch he had sent, Kroah-Hartman responded: “Please stop submitting known-invalid patches. Your professor is playing around with the review process in order to achieve a paper in some strange and bizarre way.
This is worse than just being experimented upon; this is like saying you’re a “safety researcher” by going to a…