Reply to post: "The project" isn't some impersonal machine or device; it's people.

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

jdzions

"The project" isn't some impersonal machine or device; it's people.

They wasted the time of every maintainer who read their submission. And since a very large number of patches have to be rolled back, clearly "the patches never got into the code base" is an inaccurate statement. Moreover, some of the suspect patches have had subsequent patches made on top of them, which makes rollback even more onerous.

The IRB at UMN screwed up. The experiment was aimed at human systems. This wasn't a probe at some toolchain; it was an attempt to see if people could be manipulated into approving the injection of subtle bugs that turned immature (not exploitable) issues into exploitable use-after-free bugs. "The project" isn't some black box, some machine; it's people. Manipulation of humans requires full review, not a waiver, and it required affirmative permission from the most senior person(s) involved in Linux kernel change approval.
