# University of Minnesota and "hypocrite commits"



## Urgt (Apr 25, 2021)

What mechanisms prevent the problem of bad actors introducing security faults into the FreeBSD codebase. Members of the Linux community are now having to unwind kernel patches from UMN and blocking further patch submissions. Will FreeBSD follow suit.


----------



## ShelLuser (Apr 25, 2021)

Although I have no idea what you're talking about I do want to raise a question: what makes you think that some people worked on both Linux and FreeBSD? Those two usually exclude one another.

(edit): In the meantime I read up about the issue; why assume that FreeBSD users would know about this? I couldn't care less about Linux because I don't use it, thus I don't bother myself with following any news about it.

Anyway, something similar (not directly related) has happened with FreeBSD 13.0, and that got caught as well, so... I'm not worried. Look into netgate / wireguard to learn more.


----------



## _martin (Apr 25, 2021)

If you are interested in the FreeBSD commit process you should have a look at the committer's guide.
Even though you didn't use proper punctuation I'm assuming you did ask a question there. Highly unlikely you get an answer from a core team here, speculation _whatif_ doesn't help anybody.


----------



## mark_j (Apr 25, 2021)

Urgt said:


> What mechanisms prevent the problem of bad actors introducing security faults into the FreeBSD codebase. Members of the Linux community are now having to unwind kernel patches from UMN and blocking further patch submissions. Will FreeBSD follow suit.



Does this university have a commit bit? A quick look says no. So your question is moot.
Of course, bugs happen but I've never heard of a malicious bug. It might have happened, though.

Finally, the way Linux is managed is totally different to an operating system like FreeBSD.


----------



## bobmc (Apr 25, 2021)

So a few academics conducted some ill-considered research into free software processes.  They probably wish they could take that back because now everything from that univ is tainted.  This episode just shows that free software processes are robust and the community is to be respected.


----------



## ralphbsz (Apr 25, 2021)

Completely off-topic for this sub-forum, it is not a general question about the usage of FreeBSD.
Probably even off-topic for this whole forum, as we typically do not discuss internal policies of the committers. That's what mailing lists are for.
I don't actually agree with the characterization that this was "ill-considered". It might have been executed badly, in that they probably should have requested permission first from a person who has control of the Linux development, without alerting the individuals who actually review and approve changes. But the result they found is very valuable: with a modicum of effort (a relatively small number of valuable commits), they were able to establish trust, and then they were able to abuse that trust to introduce bugs in Linux. They did that with a small number of people (a handful of academics and students). Now imagine what they could have done if they had the resources of a nation state (North Korea!) or a large company (IBM/RedHat or Oracle) at their disposal. I think it demonstrates a fundamental flaw in this particular open source development process.


----------

