They're students trying to silence errors from static analysis. It's a reach to claim that it's not in good faith because it's clearly wrong. They aren't experienced Linux kernel or probably even C developers. Many of the fixes they've submitted are still useful and correct.
Sure, you may well be correct here, however given the circumstances I think a certain level of cynicism is a good thing. You've jumped very quickly to fight this position which I never claimed to hold? My comment is based on 5 minutes of reading, nothing more.
It's naive to claim that all their patches are in good faith, e.g. this one, but then we get into arguing if it's justified to ban the university, and frankly I don't have a hat in that ring. I don't feel strongly either way.
So, maybe you shouldn't be making claims about whether someone was acting in good faith based on 5 minutes of reading. Those are pretty serious accusations. The university acted unethically but so are certain kernel maintainers, and so are you right here.
You're accusing a student of maliciously submitting a patch without bothering to spend the time looking into the situation. See the problem?
What happens if someone malicious decides to start doing it instead of researchers with an unethical study not intended to cause harm?
I don't understand a number of your responses in this thread. It seems like you're taking statements as meaning much broader things than they do on a plain reading.
Here is a screenshot of a paper by two U of Minn students which specifically claims "As a proof of concept, we successfully introduce multiple exploitable use-after-free in the latest Linux kernel". Do you suggest the events described there did not happen?
Quote Tweet
To follow up on this. I co-signed a letter with a number of other researchers expressing concern to @IEEESSP regarding the ethics research of this research.
A letter from the authors of the study can now be found here: www-users.cs.umn.edu/~kjlu/papers/c
They didn't send the intentionally wrong patches from university email addresses. They list the patches and they were sent from Gmail addresses. I've looked at the threads where they send the incorrect patches and then question the maintainer accepting the patch from them.
In one case, they seem to have failed to create an incorrect patch. The maintainer decided they were wrong about it causing a use-after-free and applied it anyway.
Another patch never got a response and 3 of them were accepted but then rejected after they said it was incorrect.
So, I'm just trying to talk this out. There are a few things here:
Upthread I say "I feel like I would have been tricked by this... on the basis of the authority of 'affiliated with the university of minnesota'". This was an informal comment, it may well have been nonsense.
The patches submitted as part of the research for the paper were submitted from Gmail addresses.
Before and after those patches were submitted, they've been submitting fixes for bugs found by static analysis. Many of those fixes are valid. The vast majority appear harmless.
Some of these changes are wrong. Greg KH is framing the cases that are wrong as being part of this study. The study itself didn't use their university addresses.
So, essentially, the claim is being made that they continued it and mixed it into good faith static analysis work.