Comment by up2isomorphism
4 years ago
From an outsider, the main question is: does this expose an actual weakness in the Linux development model?
From what I understand, this answer seems to be a "yes".
Of course, it is understandable that GKH is frustrated, and if his community do not like someone pointing out this issue, it is OK too.
However, one researcher does not represent the whole university, so it seems immature to vent this to other unrelated people just because you can.
The main issue is that the researchers are now untrustworthy because they conducted this experiment without permission. Essentially, the kernel dev team can no longer trust that any given patch from U of M isn't the same research team using a different email address to submit more malicious patches.
You actually think there should be way to "trust" someone by looking at his/her Email address domain?
No? I think that there is reason to not trust anything from a given domain if that domain is in use by bad actors.
The university has an ethics board to review experiments. So what experiments get allowed reflects on the whole university
If you are actually in a graduate school, you will know it is practically impossible to review details like this, otherwise nobody can do any real work.
Besides, how to test the idea without doing what they did? Can you show us a way?
No, because there is already historic evidence that it's a weakness.