by fluidcruft 1886 days ago
I actually disagree as it would expose which maintainers accepted these sorts of patches and that can have implications for their reputations and livelihood. Beyond that, this is just "Open Source software can be vulnerable to bad actors (News at 10)".
3 comments

Is it your belief that maintainers should be viewed as automatons, impervious to mistakes, like how many view the service industry?

Maintainers are humans, flawed just like us all; good maintainers choose to accept and learn from their gaffes.

But let's also keep in mind these are humans, flawed and all, who were experimented on without permission. Ethical (and consensual) experiments would never reveal the identity of the participants and their exact reaction(s) under the experimental conditions. Just because the experiment started without any ethical considerations doesn't mean all ethical considerations should be ignored with respect to the "data" collected by the experiment.

No, my belief is the IRB would only waive consent if this sort of public disclosure is not allowed. Naming-and-shaming is not a valid research goal. Improper research results in censure and exclusion from the scientific corpus, not full public disclosure.

I don't believe the Linux kernel community would perceive the information in that way. Everyone is vulnerable to this kind of bad faith submission; gregkh and others seem to understand that.

Individual kernel maintainers should probably be able to contact the IRB to inquire whether they were personally enrolled in the study. The IRB may reply to that, or they might ask the study to notify all enrolled participants individually. Those individuals could then on their own publicly disclose the fact that they were enrolled. But I don't see why the general public has any need to know anything and it's unreasonable to make the demand.

That's true to a point, but hiding that information is arguably (and in my estimation) worse.

"We better not look for other incidences of this nefarious behavior because it might create a small amount of collateral damage. Better to leave those patches unexamined."

UMN has already said they've opened an investigation?
There seems to be transparency value in having a different organization do the investigation than the one that made the original judgment to approve the research.

Maybe there's an "internal affairs" equivalent that we'd trust, but this reads to me like "UMN made an error in approving this research but don't worry because UMN is now going to look into it."

Sure, that's entirely reasonable. But that's not what the Linux Foundation is demanding, apparently.