This article is more than 1 year old
It took 'over 80 different developers' to review and fix 'mess' made by students who sneaked bad code into Linux
Patches to land in Linux 5.13
Linux maintainer Greg Kroah-Hartman has sent in a pull request for Linux 5.13 aimed at dealing with grief caused by the antics of some students at the University of Minnesota.
The fixes, for rc3 of version 5.13 of the kernel, included a terse note from Kroah-Hartman:
The majority here is the fallout of the umn.edu re-review of all prior submissions. That resulted in a bunch of reverts along with the "correct" changes made, such that there is no regression of any of the potential fixes that were made by those individuals. I would like to thank the over 80 different developers who helped with the review and fixes for this mess.
That's right. It took more than 80 developers to deal with the fallout from the work of the University of Minnesota compsci students. The ill-judged attempt to subvert the Linux kernel last month resulted in a blanket ban for contributions from anyone with a University of Minnesota email address and a bulk reversion of the commits.
- University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired
- Lessons have not been learned: Microsoft's Modern Comments leave users reaching for the rollback button
- When software depends on a project thanklessly maintained by a random guy in Nebraska, is open source sustainable?
Phoronix noted that out of the 150 or so patches submitted by umn.edu developers over the years, only 37 ended up being reverted in this pull request. Most were either unneeded or "incorrect."
The request brings to an end the reviewing and cleaning up of the umn.edu patches to the kernel, and we're sure the time of those "over 80 different developers" could have better been used elsewhere.
However, questions remain over processes behind the scenes, such as those posed by Filipo Valsorda, a cryptographer and software engineer, over making trust decisions based on email domains. A month on, and his point remains valid:
Possibly unpopular opinion, but I feel like "only merge things after verifying they are valid" should maybe be the default policy of the most used piece of software in the world. pic.twitter.com/79AT1b3lxQ— Filippo Valsorda 💉💉🎉 (@FiloSottile) April 21, 2021