Particularly once you start considering where the Linux kernel end up.

There is a miss belief that the open source communities are this we welcome everyone place. The hard reality is they are not there is a requirement to maintain trust and trust is really simple to lose with extrema effects to that loss. Yes they appear friendly until you are not trustworthy then you have pitchfork problem that will not back off simply.

Well I can't say you're not living up to your name. I guess it is best to err on the side of caution.

Of course this is what happened. First, it is undeniable they tried to introduced bugs to the kernel. They have an earlier paper about it here, so I guess you won't dispute that. Second, when confronted, first they denied they did any such thing and still tried to get a new nonsense patch in. Then, when the issue was brought into a more public light, they openly defended themselves claiming they though it was okay what they did because it is not human research.

They said, and I'm quoting from the researcher's own public FAQ about the case:
"This is not considered human research. We send the emails to the Linux community and seek community feedback. The study does not blame any maintainers but reveals issues in the process. ... Throughout the study, we honestly did not think this is human research, so we did not apply for an IRB approval in the beginning. We apologize for the raised concerns. This is an important lesson we learned - Do not trust ourselves on determining human research; always refer to IRB whenever a study might be involving any human subjects in any form."

Now, obviously there are a couple of problems with the above quote:
1) They base "good" and "bad" entirely on the fact whether it is considered human research by *others*.
2) It doesn't actually address their own judgement or admit they were wrong. They only admit they should have asked somebody earlier.
3) They ignore that when the IRB (Institutional Review Board) gave them green light mid-research, they still thought it was okay and continued with it.
4) Beside the question whether this was human research or not, they completely ignore that their methodology was unethical for other reasons too.

Basically, their FAQ is just like their research. They ask the wrong questions, reach the wrong conclusions, and fail to discuss the actual problems. All the while trying to submit new fake patches, even after they were found out, LOL. So, User42, care to elaborate where I was wrong?

Why feed the troll? They made something stupid and damaged Linux project.

Let Linux Foundation get damage control and compensation for such awful actions.

Throw money? A consulting firm to audit the code? Whatever, they deserve to compensate more than what they did as a pragmatic "sorry" to the community. Words are nothing, actions are the important stuff.

Linux kernel is a giant project that is very interesting for students to acquire experience and for researchers too.

Of course, new procedures and tools should be made to avoid this kind of disasters. But they choose the very wrong way of do things and ought to pay for it.

If real world was better, they should already be in a trial and a strong resolution done in less than a week. But well see.

Which begs the question... What's gonna happen next time he reviews and accepts (or submit) a buggy patch? However unintentional it was, it looks like most people both working in the kernel and here say it's a non-problem that definitely does not need to be studied. So should I say "too bad that used-after-free bug was introduced more than 5 years ago, really nothing we can do"...

I don't know, I personally think it's better, once, to slap a child who does not behave instead of letting them getting driven over by a car because once again they were not listening. Sure, a slap might be too strong, there are certainly other ways, but given the 2, I'd prefer my child to be unhappy for 5 minutes and live a long life instead of dying there. As much as I understand all the discussion about a slap being unnecessary or a bad way of doing it, when the child gets driven over, I find normal to ask parents what the heck they were thinking. There are enough CVEs (and obvious regressions) to say the kernel does not "behave".

Good this is not what happened!

This Burn Loot Murder University terrorism issue was just covered on gamers nexus.

This has nothing to do with cancel culture. This group has knowingly and on purpose introduced bugs and vulnerabilities into a piece of software that millions of people around the globe rely on, many of them in mission-critical environments, and they admittedly didn't even feel bad about it, they openly said they see nothing wrong with their methodology. They only sent out their open-letter when they got banned as a result, which in light of their previous statements just days ago, is clearly not honest. This is justified self-defense from the kernel developers. Claiming this is cancel culture is like saying it is cancel culture to ban somebody from your home after they've committed vandalism in it and they don't even see what they did wrong and they'd do it again.

Besides making an ass of yourself, what's your point? AFAICT, he didn't publish the list, so what does it change?

Banning isn't cancelling. They're rightfully barred from "contributing" their crap into Linux. Nobody has e.g. banned them from Github altogether, blocking them for participating into other project as well. Nobody has taken their employment at the university away. They're still free to conduct their nonsense "research" as if nothing ever happened, just not with Linux anymore. And their ban from Linux repos doesn't seem permanent either.

What a load of crap!