A group of researchers at the University of Minnesota have knowingly submitted a buggy patch to gauge community reaction to their work, and anyone using a University of Minnesota e-mail has been banned from posting to the open source Linux Kernel Archives.

The incident, which came to our attention through a post on the LinusTechTips forum, appears to have started when university researchers used the Linux Kernel site to gauge its security level. However, the manner in which they conducted this study was deemed somewhat unethical by the site's standards, resulting in a blanket ban on future postings from the entire university.

The researchers had posted what site administrator Greg Clore Hartman identified as a "known bug" patch.

When the site administrators confronted them, their response was astonishing:

"We respectfully request that you stop making wild accusations that verge on slander."

The site administrators were not happy with the patch.

They claimed that they sent the patch to get feedback and concluded: "Obviously, it is the wrong step, but your preconceived bias is so strong that you make claims without merit and give us the benefit of the doubt. Not only are you unwelcome, but I will not be sending you any more patches because of your intimidating attitude toward novices and non-experts."

Rather than admit their somewhat questionable practices, they manage to rehash them. Kroah-Hartman's response, however, takes them down a notch, accusing them of publicly admitting that they "sent known bug patches to see how the kernel community would react."

Kroah-Hartman criticizes them for "continuing to experiment with developers in the kernel community" after the group submitted a "new series of patches that are clearly inaccurate." He points out that instead of asking for help when most users are unsure about a patch, the group claimed it was a legitimate fix that they "know is wrong."

Kroah-Hartman then orders the banning of "all future submissions" from the university and the removal of the researcher's previous submissions because they were "maliciously submitted with the obvious intent to cause problems."

After the site came under fire, the University of Minnesota filed a statement of concern about the study, in which it explained that the study was "conducted by a faculty member and a graduate student" and that it has "serious concerns" about the way it was conducted. In response, the Linux Foundation sent a letter of request to the University outlining the steps that should be taken to correct this mismanagement.

The University of Minnesota subsequently issued a letter of public apology to the Linux community, in which it noted that the patch submitted "did not introduce a vulnerability into the Linux code."

While that is all well and good, the main problem is the non-consensual nature of the experiment. The university nods to this: "Our goal was to improve the security of Linux, but making Linux the subject of our research hurt the community.

Finally, after all the back-and-forth, the university's Department of Computer Science and Engineering issued a response through all manner of amends.

So the furor seems to have died down a bit, and although there is no announcement yet as to whether the ban will be lifted by the Linux Foundation, the institutions seem to have reached an agreement.

Let's hope this serves as a warning to those planning to experiment on developers who know nothing about it.