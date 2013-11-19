Last week, senior Linux kernel developer Greg Kroah-Hartman announced that all Linux patches coming from the University of Minnesota would be summarily rejected by default.

This policy change came as a result of three University of Minnesota researchers—Qiushi Wu, Kangjie Lu, and Aditya Pakki—embarking on a program to test the Linux kernel dev community's resistance to what the group called "Hypocrite Commits."

[...] The trio's scheme involved first finding three easy-to-fix, low-priority bugs in the Linux kernel and then fixing them—but fixing them in such a way as to complete what the UMN researchers called an "immature vulnerability":

[...] The three researchers would then email their Trojan-horse patches to Linux kernel maintainers to see if the maintainers detected the more serious problem the researchers had introduced in the course of fixing a minor bug. Once the maintainers responded to the submitted patch, the UMN researchers pointed out the bug introduced by their patch and offered a "proper" patch—one that did not introduce a newly exploitable condition—in its place.

Lu, Wu, and Pakki published their findings in February at the 42nd IEEE Symposium on Security and Privacy.

[...] Last week, in response to these "Hypocrite Commits," senior Linux kernel dev Greg Kroah-Hartman reverted 68 patches submitted by folks with umn.edu email addresses. Along with reverting these 68 existing patches, Kroah-Hartman announced a "default reject" policy for future patches coming from anyone with an @umn.edu address.

[...] This Saturday, the UMN research team apologized to the Linux community via an open letter posted to the Linux Kernel Mailing List. The nearly 800-word open letter comes across as more "wait, you don't understand" than apology:

[...] Kroah-Hartman acknowledged the letter Sunday but was clearly less than impressed: