University Of Minnesota Apologizes To Unwavering Linux Community Over Kernel Kerfuffle

Earlier this year, three researchers from UMN published a paper that proved that vulnerabilities could be slipped past Linux Kernel maintainers. The team used three easily fixed bugs in the Linux kernel, which all had the trappings of becoming a vulnerability, and submitted them to see if the maintainers detected a problem. Once the maintainers replied to the patch, the UMN researchers explained the bug and gave an actual patch instead of the one originally submitted.
This methodology and the lack of telling anyone about the plan struck a chord among the Linux community, and especially with Greg Kroah-Hartman. "Greg K-H," as he is known online, is a senior Linux kernel developer that decided to stick up for the other developers who were subjected to research. He first called out UMN and then reverted 68 patches from anyone with a @umn.edu address. Following that, he instantiated a "block by default" rule for the school, with no clear way forward.

Then, UMN issued a public apology while the researchers more recently did so on the Linux Kernel Mailing List, but the latter was not taken as well as the researchers likely hoped. Greg K-H replied with the following to the 800-word apology letter:

Thank you for your response.

As you know, the Linux Foundation and the Linux Foundation's Technical
Advisory Board submitted a letter on Friday to your University outlining
the specific actions which need to happen in order for your group, and
your University, to be able to work to regain the trust of the Linux
kernel community.

Until those actions are taken, we do not have anything further to
discuss about this issue.

thanks,

greg k-h

At present, we do not know what the contents of that letter Greg mentioned are; however it likely entails some sort of apology and requirement to cease research like this in the future. In any case, it seems that a small divide is forming in the Linux community in which some believe that UMN did nothing wrong. One person in the apology letter thread compared UMN to "kids laughing loud that 'the emperor has no clothes.' More precisely, that the emperor STILL has no clothes. Ten year later."
This person further claims that the outcry from Greg and others is merely a distraction from the Linux community's pitfalls. On the other hand, someone else explains that UMN's methodology lacked tact and kindness and was more a point and laugh sort of project. They specifically state, "Demonstrating a well-known weakness is easy. Pointing the finger is easy. Helping however, requires another level."

Whatever your view is, it is certainly a complex and continually evolving situation with many outcomes to consider. Perhaps more people will come to support each side in a healthy discussion about cybersecurity and how research should be executed in the future. Either way, let us know what you think of all of this in the comments down below.