To clarify, does that mean all 150+ were reviewed and all but 37 were deemed worth keeping, or is it just that only 37 have been tackled so far?

Yes. Out of 150+ patches reviewed, 37 were removed and/or reverted as well as the fixes necessary to do that.

Funnily enough, I read your post the first time as "150+ removed...37...worth keeping".

Now, when are we going to hear about the further actions taken against (1) the University of Minnesota, and (2) those "researchers"--every last one; ALL up and down the chain of this particular instance--who are (they STILL are) responsible for this debacle performed in the name of "academic research"?
There ARE going to be further actions taken, aren't there?

This is absolutely unacceptable. At a minimum, those "researchers", along with everyone associated with the approval process of that "research" should be fired; and the University of Minnesota should be sanctioned--in the strongest possible ways--for allowing this to ever have happened.

U.S. Government--how about YOUR pulling any and all funding, from this university, having anything and everything to do with Computer Science, and Electrical and Computer Engineering. This "institution of higher learning" has proven, beyond any shadow of a doubt, that it is not; and the tax-payers, who pay for the funding of university research, ought to be assured that their money is not wasted--as it most obviously is in the funding of "research" at the University of Minnesota.

That's good - the university may have made some mistakes but at least they have some real and worth-keeping contributions. Though 37 is surprisingly high for patches that weren't malicious and not worth keeping.

Haha and yeah, reading back my question, I did phrase it weirdly.

I thought the same thing.

I was a little confused in the article and had to read it slowly multiple times. I think it's both more a case of when humans read numbers and words together our brains sometimes go WTF is going on here. That's especially true if you're like me and your brain likes to swap words or letters around when you speed read.

Why would there be? And why do you put "these" "terms" in "quo"te"s""?" It was research.
People with actual malicious intent who are paid to introduce vulnerabilities into the kernel neither are nice enough to document their activities in research papers, nor will they use obvious email addresses that tell everyone who they are working for. This incident served as an excellent wake-up call and a good reminder of the need to be as critical as reasonably possible with changes submitted to open-source software. The wake-up call clearly didn't work for you, since clearly the illusion of a perfect world be restored for you just by burning some witches at the stake, but at least most of the kernel devs are bound to be smarter than you.

I wonder if GKH still supports BLM now. It's not so fun when it's your house on fire.

Ethical research requires consent, for starters.

Its not that straight forwards. Looking for true threat causing problems is different to looking for a person just submitting do nothing commits.

To be correct a lot of parties with malicious intent do document how they do things. Ok not in the normal public internet. Over time the automated bots that run over the source code from Intel and others on the Linux kernel have been coded to detect a lot of these true malicious things. Lot of the malicious like bragging with each other how they did things.

The blame feature of git was put there that after the fact you could back trace to who added a particular fault. Does not get talked about a lot but quite a few developers and companies have been banned from submitting to the Linux kernel. Only thing that unique here is that its a University really.