I feel it should almost be mentioned: It seems to me that the students did this on the existing reputation of the University. The University had been contributing and were generally trusted. So maintainers were reviewing the code based on that reputation.
Until we have detailed methodology of the experience it does not seems to have been the case (it looked like they use randomized email address).
The only traceable bad patch that can be traced to the university was for one student that tried to coerce its way to patch acceptance, by invoking slander and accusing of other kind of despicable behavior from the reviewer. Which ignited the whole drama (although it started way before that, said student didn't help with the already delicate situation and gave public awareness to the drama).