Comment by corty

4 years ago

> they didn’t do anyone harm.

Several of the patches are claimed to have landed in stable. Also, distributions and others (like the grsecurity people) pick up lkml patches that are not included in stable but might have security benefits. So even just publishing such a patch is harmful. Also, fixes were only provided to the maintainers privately as it seems, and unsuccessfully. Or not at all.

> If your excuse is “you knew the patch was vulnerable”, then how are you going to defend the project from bad actors?

Exactly the same way as without that "research".

If you try to pry open my car door, I'll drag you to the next police station. "I'm just researching the security of car doors" won't help you.