Comment by kleiba

4 years ago

How is such a ban going to be effective? The "researchers" could easily continue their experiments using different credentials, right?

Arbitrary anonymous submissions don't go into the kernel in general. The point[1] behind the Signed-off-by line is to associate a physical human being with real contact information with the change.

One of the reasons this worked is likely that submissions from large US research universities get a "presumptive good faith" pass. A small company in the PRC, for an example, might see more intensive review. But given the history of open source, we trust graduate students maybe more than we should.

[1] Originally legal/copyright driven and not a security feature, though it has value in both domains.

  • > A small company in the PRC, for an example, might see more intensive review.

    Which is a bit silly, isn't it? Grad students are poor and overworked, it seems easy to find one to trick/bribe into signing off your code, if you wanted to do something malicious.

    • Grad students have invested years of their life, for no reward, in research on a niche topic. Any ding to their reputation will adversely affect their entire career. I doubt this guy would get a post doc fellowship anywhere after this.

    • Well, there's nothing easier to corrupt than a small company (not just in the PRC), because you could found one specifically to introduce vulnerabilities without breaking any laws in any country I know of.

  • They do if the patch "looks good" to the right people.

    In late January I submitted a patch with no prior contributions, and it was pushed to drm-misc-next within an hour. It's now filtered its way through drm-next and will likely land in 5.13.

The ban is aimed more at the UMN dept overseeing the research than at preventing continued "experiments." I imagine it would also make continued experiments even more unethical.

> How is such a ban going to be effective?

It trashes University of Minnesota in the press. What is going to happen is that the president of the university now is going to hear about it, so will the provost and so will people in charge of doling money. That will rapidly fix the professor problem.

While people may think that tenured professors get to do what they want, they never win in a war with a president and a provost. That professor is toast. And so are his researchers.

Any data collected from such "research" would be unpublishable and therefore worthless.

Their whole department/university just got officially banned. If they attempt to circumvent that, the authorities would probably be involved due to fraud.

Thus moving from merely unethical to actually fraudulent? Although from the email exchanges it seems they are already making fraudulent statements...

At least it might prompt the University to take action against the researchers.

I believe this is so that the university treats the reports seriously. It's basically a "shit's broken, fix it". The researchers are probably under a lot of pressure from the rest of the university right now.

If you're a young hacker that wants to get into kernel development as a career, are you going to consider going to a university that has been banned from officially participating in development for arguably the most prolific kernel?

The next batch of "researchers" won't be attending the University of Minnesota, and other universities scared of the same fate (missing out on tuition money) will preemptively ban such research themselves.

"Effective" isn't binary, and this is a move in the right direction.