Linux kernel team rejects University of Minnesota researchers’ apology
Last week, senior Linux kernel developer Greg Kroah-Hartman announced that all Linux patches coming from the University of Minnesota would be summarily rejected by default.
This policy change came as a result of three University of Minnesota researchers—Qiushi Wu, Kangjie Lu, and Aditya Pakki—embarking on a program to test the Linux kernel dev community's resistance to what the group called "Hypocrite Commits."
The trio's scheme involved first finding three easy-to-fix, low-priority bugs in the Linux kernel and then fixing them—but fixing them in such a way as to complete what the UMN researchers called an "immature vulnerability":
We employ a static-analysis tool to identify three "immature vulnerabilities" in Linux, and correspondingly detect three real minor bugs that are supposed to be fixed. The "immature vulnerabilities" are not real vulnerabilities because one condition (such as a use of a freed object) is still missing [...] We construct three incorrect or incomplete minor patches to fix the three bugs. These minor patches however introduce the missing conditions of the "immature vulnerabilities."