"Full disclosure" from the University of Minnesota

Posted Apr 29, 2021 22:28 UTC (Thu) by mpg (subscriber, #70797)
In reply to: "Full disclosure" from the University of Minnesota by nedu
Parent article: "Full disclosure" from the University of Minnesota

Thank you for providing precise references. Looking at it in chronological context, I think it helps me understand some of the reactions better. The first things I read about the topic were the paper and the LWN article, and from the paper I quickly learned that they tried to make sure the commits didn't get into the kernel. (Also, a few days later they disclosed the full details, so I didn't have to go for months wondering about what really happened.) So I probably got a very different experience than people reading scary/unclear/contradictory* fragments on Twitter and then having to wait a long time for the details. Thank you for helping me see that perspective.

*I'll note that if we scroll down a bit on [3] they already tried to clarify that the malicious commits never got into the kernel, and in [4] the commenter already notes the contradiction.

Still, considering the full set of data we have today, I don't think it's justified to state that "they were deliberately trying to put bugs into production code", as the recent comment I was replying to did.

They did several things they shouldn't have done, such as experimenting on human subjects without their consent, making a paper with IMO weak methodology and relatively poor execution (I think we can hardly draw useful conclusions from their experiment) and communicating poorly about it (which again, would have been less of a problem if they had sought informed consent beforehand), but I don't think "deliberately trying to put bugs into production code" was one of them.

"Full disclosure" from the University of Minnesota

Posted Apr 30, 2021 21:56 UTC (Fri) by rgmoore (✭ supporter ✭, #75)

> I quickly learned that they tried to make sure the commits didn't get into the kernel.

Not exactly. They say they never intended for their bugs to make it into a released kernel, but they said that only after the whole thing blew up and they were in damage control mode. We don't know what their true intent was. Maybe they intended to stop the bugs from ever being released. Maybe they thought it would be good to get one into a released version and then stealthily patch it in the next version, and that would be safe because it would be fixed by the time they told the world what they had done. We simply can't know what they would have done in the hypothetical world in which one of their patches had made it into the mainline kernel. We have only their word for it, and honestly their word isn't very good with a lot of people right now.


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds