The researchers who got the University of Minnesota (UMN) banned from contributing to the Linux kernel are going to have to do more than apologize for their actions. ZDNet reported that the Linux Foundation’s Technical Advisory board sent a list of demands the university will have to meet before it can seek forgiveness.
A quick recap: UMN researchers contributed intentionally flawed code to the Linux kernel in August 2020 for a paper on these so-called “hypocrite commits” that was published in February. A separate project meant to “automatically identify bugs introduced by other patches” then drew the ire of Greg Kroah-Hartman, the developer who oversees the Linux kernel’s stable release channel last week.
Kroah-Hartman banned the entire UMN system from contributing to the Linux kernel as a result of the research projects. That decision was followed by an apology from the UMN Department of Computer Science and Engineering (CSE), a significant amount of discussion amongst the Linux community, and then a separate apology from the faculty and students who actually conducted the controversial research.
ZDNet reported that the Linux Foundation’s Technical Advisory Board contacted UMN Friday—a day before the researchers issued their apology—with a list of demands. (And, of course, additional criticism regarding the amount of work the research projects created for other developers.) The letter was officially penned by Linux Foundation senior VP and general manager of projects Mike Dolan.
“Please provide to the public, in an expedited manner, all information necessary to identify all proposals of known-vulnerable code from any U of MN experiment. The information should include the name of each targeted software, the commit information, purported name of the proposer, email address, date/time, subject, and/or code, so that all software developers can quickly identify such proposals and potentially take remedial action for such experiments.”
Dolan also pushed for the UMN researchers to withdraw ”from formal publication and formal presentation all research work based on this or similar research where people appear to have been experimented on without their prior consent.” He said “there should be no research credit“ for information that’s already online, too.
ZDNet reported that the final condition was to “ensure that all future IRB reviews of proposed experiments on people will normally ensure the consent of those being experimented on, per usual research norms and laws," as Dolan put it. He also made it clear that the Linux Foundation (and presumably the developer community as a whole) wants UMN to respond to this list of demands as quickly as possible.
Kroah-Hartman issued a response to the UMN researchers Sunday. “Thank you for your response. […] As you know, the Linux Foundation and the Linux Foundation's Technical Advisory Board submitted a letter on Friday to your University outlining the specific actions which need to happen in order for your group, and your University, to be able to work to regain the trust of the Linux kernel community.
“Until those actions are taken, we do not have anything further to discuss about this issue.”
We doubt that will be the final word on the subject—the UMN CSE still has to complete its investigation into these projects, decide if the researchers are going to be punished, provide the information requested by the Linux Foundation’s Technical Advisory Board, and then publicly respond to the controversy as it continues to develop, all while the rest of the Linux community looks into the problem as well.