Linux Foundation demands action from university found meddling with kernel

Developers want details about all contributions to the kernel made by the University

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Following the recent“Hypocrite Commits” row, it’s now being reported that theLinux Foundation’s Technical Advisory Board, representing the interests of the kernel community, has asked the University of Minnesota (UMN) to undertake certain actions before their people will be allowed to contribute toLinuxagain.

This follows the recent incident where a couple of UMN computer scientists riled up Linux developers by intentionally submitting questionable code to the mainline kernel.

The dubious code submissions were done for the purposes of a research paper, titled, “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits.”

Code review

The kernel developers did not take kindly to being experimented on.

In light of the revelations, senior kernel developer Greg Kroah-Hartman proposed to review and purge all contributions to the kernel made from official University of Minnesota email addresses.

The letter, a copy of which has been published byZDNet, puts Kroah-Hartman demands into action and asks UMN to provide “all information necessary to identify all proposals of known-vulnerable code from any U of MN experiment.”

“The information should include the name of each targeted software, the commit information, purported name of the proposer, email address, date/time, subject, and/or code, so that all software developers can quickly identify such proposals and potentially take remedial action for such experiments,“ demands the letter.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Human research

While the researchers claim that the intention of their project was to help improve the security review process of the Linux kernel, it is the manner in which they went about their “experiment” that doesn’t sit well with the developers.

In a FAQ, the researchers first claimed they did not seek prior approval from the University’s Institutional Review Board (IRB) since the project wasn’t considered “human research.”

In the letter, Mike Dolan, the Linux Foundation’s senior VP and general manager of projects, sets the record straight.

“We believe experiments on people without their consent is unethical, and likely involves many legal issues. People are an integral part of the software review and development process. The Linux kernel developers are not test subjects, and must not be treated as such,” writes Dolan.

In light of these developments, Dolan asks UMN to withdraw the paper from any formal publication.

As things stand now, the paper has been accepted for publication by the IEEE Symposium on Security and Privacy (IEEE S&P) 2021. The UMN hasn’t yet responded to the letter.

ViaZDNet

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new malware utilizes a rare programming language to evade traditional detection methods

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time