You guys are funny
The offending patches have not been submitted form the university's domain, but from throwaway gmail accounts. It's all described in the paper, but of course no one who has an opinion about the paper has actually read it, as usual.
The patches were never meant to damage anything, they say they informed the maintainers about the experiment as soon as the malicious patches received approval on the mailing list and suggested correct fixes.
Unfortunately we won't get to see the details of those exchanges without some extensive digging, because they have been redacted from the paper to protect the guilty maintainers. That was indeed done to calm down the ethics review guys.
They passed ethics review by insisting that no personal information will be collected or published and they only test "the development process" as such.
Finally, all the patches nuked by Greg were patches from random students looking for issues or playing with static analyzers. Most appear to have been accepted, a few have been found suboptimal, a few were rejected because they don't work.
I'm disappointed that Greg hasn't followed up with the obvious and requested a review of patches submitted from other students around world (and from random strangers with gmail accounts). Like they should be doing in the first place
OTOH, the paper is perhaps not very useful and the solutions they propose are either "no shit Sherlock" or plain dumb. But I would say it may still be worth it for the publicity stunt alone Perhaps a lesson has been learned, do such things anonymously and don't brag about them under your real name later.
As the song goes...lotta people funny - now you funny too.
I did read the original paper and no I did not try to study it intently and yes, you and a kazillion other nerds know much more about Linux than I. I thought the ban was against .edu and maybe I am wrong...probably I am wrong even.
In your indictment about funny people above, "
The patches were never meant to damage anything, they say they informed the maintainers about the experiment as soon as the malicious patches received approval on the mailing list and suggested correct fixes." and
"Finally, all the patches nuked by Greg were patches from random students looking for issues or playing with static analyzers. Most appear to have been accepted, a few have been found suboptimal, a few were rejected because they don't work."So, I just read this:
https://lore.kernel.org/linux-nfs/YH%2F8jcoC1ffuksrf@kroah.com/"> > > They introduce kernel bugs on purpose. Yesterday, I took a look on 4
> > > accepted patches from Aditya and 3 of them added various severity security
> > > "holes".
> >
> > All contributions by this group of people need to be reverted, if they
> > have not been done so already, as what they are doing is intentional
> > malicious behavior and is not acceptable and totally unethical. I'll
> > look at it after lunch unless someone else wants to do it..."
Yes, there are snips and so on and it is hard to follow the thread, but it does not look like these are all from random students, as you said. It looks like these are from a known and small group of students. [edit: the ones that really pissed people off]
There also appear to have been two rounds of this and "the paper" is distinct from the "analyzer" round. Even though you mentioned the analyzer, you don't seem to appreciate that difference when you suggest "it's all in the paper'.
It is difficult to unravel all the facts and I have repeatedly stated that I want to understand clearly what was done and why is it wrong...so even as I continue to get details wrong, I am not that funny.