Intentionally buggy commits for fame—and papers [LWN net] lwn.net - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from lwn.net Daily Mail and Mail on Sunday newspapers.
The University of Minnesota Banned by Linux – Why Open Source is Problematic
Recently, two researchers from the University of Minnesota and fellow graduates could upload intentionally buggy code and junk code into the Linux Kernel and accepted by the community. Why did the researchers do this, how did the Linux community react, and what does this demonstrate about open source software?
Researchers Upload Buggy Code to Demonstrate Security Flaws
Recently, a paper was released by the University of Minnesota written by Qiushi Wu and Kanhjie Lu titled “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”. The paper describes how the two researchers could generate code that claims to fix one bug in the Linux kernel while intentionally introducing other bugs. The Linux kernel is open-source, and as such, can be accessed by the wider community, and anyone can suggest changes to the code via submissions.
How a university got itself banned from the Linux kernel
The University of Minnesota’s path to banishment was long, turbulent, and full of emotion
On the evening of April 6th, a student emailed a patch to a list of developers. Fifteen days later, the University of Minnesota was banned from contributing to the Linux kernel.
“I suggest you find a different community to do experiments on,” wrote Linux Foundation fellow Greg Kroah-Hartman in a livid email. “You are not welcome here.”
How did one email lead to a university-wide ban? I’ve spent the past week digging into this world the players, the jargon, the university’s turbulent history with open-source software, the devoted and principled Linux kernel community. None of the University of Minnesota researchers would talk to me for this story. But among the other major characters the Linux developers there was no such hesitancy. This was a community eager to speak; it was a community betrayed.
iTWire - Torvalds says submitting known buggy kernel patches is a breach of trust itwire.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from itwire.com Daily Mail and Mail on Sunday newspapers.