University Of Minnesota Apologizes To Unwavering Linux Community Over Kernel Kerfuffle
Earlier this year, three researchers from UMN published a paper that proved that vulnerabilities could be slipped past Linux Kernel maintainers. The team used three easily fixed bugs in the Linux kernel, which all had the trappings of becoming a vulnerability, and submitted them to see if the maintainers detected a problem. Once the maintainers replied to the patch, the UMN researchers explained the bug and gave an actual patch instead of the one originally submitted.
Then, UMN issued a public apology while the researchers more recently did so on the Linux Kernel Mailing List, but the latter was not taken as well as the researchers likely hoped. Greg K-H replied with the following to the 800-word apology letter:
Thank you for your response.At present, we do not know what the contents of that letter Greg mentioned are; however it likely entails some sort of apology and requirement to cease research like this in the future. In any case, it seems that a small divide is forming in the Linux community in which some believe that UMN did nothing wrong. One person in the apology letter thread compared UMN to "kids laughing loud that 'the emperor has no clothes.' More precisely, that the emperor STILL has no clothes. Ten year later."
As you know, the Linux Foundation and the Linux Foundation's Technical
Advisory Board submitted a letter on Friday to your University outlining
the specific actions which need to happen in order for your group, and
your University, to be able to work to regain the trust of the Linux
Until those actions are taken, we do not have anything further to
discuss about this issue.
Whatever your view is, it is certainly a complex and continually evolving situation with many outcomes to consider. Perhaps more people will come to support each side in a healthy discussion about cybersecurity and how research should be executed in the future. Either way, let us know what you think of all of this in the comments down below.