A couple of weeks ago, we reported that Greg Kroah-Hartman from the Linux kernel development and maintenance team had banned submissions from the University of Minnesota (UMN) due to some questionable patches that they submitted. The issue received a lot of public attention particularly due to the email exchanges between Hartman and the student researchers being made public. The latter argued that the patches come in the form of "a new static analyzer", but Hartman took issue with the fact that the clearly incorrect patches had been submitted to the kernel without any warning.
After much back and forth, the department heads for Computer Science at UMN stated that they would investigate the matter further, and soon after, the student researchers published an apology giving more context to their dubious efforts.
Now, the Linux Technical Advisory Board (TAB) has published its own findings of the matter and its recommendations for the future.
In its detailed audit, the Linux TAB has described the entire timeline of events from the time when "one member of the UMN community" began a research project in August 2020 to intentionally introduce flaws in the Linux kernel with fake identities. A research paper on this endeavor was published in November 2020 after which no patches were submitted. Questionable submissions began again in April 2021 which is when Hartman confronted the researchers and eventually banned them from contributing in the future.
Linux TAB has concluded that the researchers broke several documented rules including submitting patches with false identities. Five of these changes were publicly admitted to being invalid by the researchers in their paper, but the TAB has noted that all incorrect changes were caught or ignored by developers and maintainers, which means that its review process works correctly.
435 commits from the UMN were reviewed in total. A summary of findings can be seen below:
- Commits found to be correct: 349
- Commits found to be incorrect and in need of fixing: 39
- Commits already fixed by later commits: 25
- Commits that no longer matter: 12
- Commits made before the research group existed: 9
- Commits the author asked to have removed: 1
In light of the above, the Linux TAB has recommended that moving forward, UMN must improve the quality of its patches. It has also indicated that it will work with researchers to document best practices for contribution to open source projects, including the Linux kernel. It has suggested that the UMN set up its own internal review team, which should consist of at least one experienced developer who validates changes before they are submitted to the kernel. The Linux TAB has cautioned that:
Until such a review process is put into place, it will be difficult to re-establish the trust between UMN and the kernel community, and patches from UMN will continue to find a chilly reception. If UMN needs help to find such a developer or to set up an internal review process, the TAB will be glad to assist. This is a role the TAB has played with many groups in the past.
The Linux TAB has emphasized that the research community and kernel developers and maintainers can work in harmony, as they have done so in the past, but the goal of the community should be to create a robust kernel for production use. If efforts like this benefit only the research community, then conflicts such as this can arise, but they can be avoided if the recommendations of the Linux TAB are followed. You can read the letter in detail here.