Comment by zulban
4 years ago
It sends a strong message - universities need to make sure their researchers apply ethics standards to any research done on software communities. You can't ignore ethics guidelines like consent and harm just because it's a software community instead of a meatspace community. I doubt the university would have taken any action at all without such a response.
>It sends a strong message
At a cost to mostly people who didn't / and I'll even say wouldn't do the bad thing.
I understand the point that you are making, but you have to look at it from the optics of the maintainer. The email made it clear that they submitted an official complaint to the ethics board and they didn't do anything. In that spirit it effectively means that any patch coming from that university could be vulnerability injection misrepresented as legitimate patches.
The Linux kernel has limited resources and if one university lack of oversight is causing the whole process to be stretched tinner than it already is then a ban seems like a valid solution.
@denvercoder9 had a good comment that might assuage your concern:
> It's not a ban on people, it's a ban on the institution that has demonstrated they can't be trusted to act in good faith. If people affilated with the UMN want to contribute to the Linux kernel, they can still do that on a personal title. They just can't do it as part of UMN research, but given that UMN has demonstrated they don't have safeguards to prevent bad faith research, that seems reasonable.
In this case, the cost is justified. The potential cost of kernel vulnerabilities is extremely high, and in some cases cause irrecoverable harm.
If that cost is high, why are they accepting and rejecting code based on email addresses?
https://twitter.com/FiloSottile/status/1384883910039986179
(Clearly the academic behavior is also a problem, there's no good justification for asking for reviews of known bad patches)
Has the university taken action yet? All I heard was after blowback, UMN had their institutional review board retroactively review the paper. They investigated themselves and found no wrongdoing. (IRB concluded this was not human research)
UMN hasn't admitted to any wrongdoing. The professor wasn't punished in any form whatsoever. And they adamantly state that their research review processes are solid and worked in this case.
An indefinite ban is 100% warranted until such a time that UMN can demonstrate that their university sponsored research is trustworthy and doesn't act in bad faith.