Even Linus Torvalds was speechless, admitting to IT Wire that he didn’t even know what to say about the whole endeavor.
“I don’t think it has been a huge deal technically, but people are pissed off, and it’s obviously a breach of trust,” he said.
In many ways, what the university’s researchers did reflects questionable decision-making just as much as it does unnecessary risk-taking. Sure, I get it—they were penetration testing. But when the basic tenets of the open-source contract are undermined, the result is that it damages the relationship with everyone who uses that software.
I found myself thinking about this issue this morning after I got a note from a platform called Winter CMS, a fork of a content management system called October CMS. I had looked closely at October CMS and nearly went with it for my site, but chose in the end against it because I did not feel the community was strong enough to reach out to in case something broke.
It turns out that was a great idea, because October CMS’ primary developers left earlier this year after the organization decided to commercialize the CMS. As the existence of Winter CMS shows, changing the contract or not following the set rules is a breach of trust. (For disclosure’s sake: Craft CMS, the platform for Tedium I eventually went for, is free to download but proprietary, but I knew that going in.)
As communities go, it’s important to keep in mind the fact that lots of people rely on projects like Linux to do their jobs. If the contract breaks or something changes, it can deeply affect their work. And other examples of this exist, too—the whole to-do over Red Hat reframing CentOS last year is a great example.
I’m sure the researchers at the University of Minnesota thought they were doing the community a service, just as the researchers at Objective-See did when they reported a significant MacOS bug to Apple recently.
But the breach of trust is not a minor thing in the world of open-source communities. For one thing, it could have affected a lot of people had the exploit gotten through.
And plus, it made Greg Kroah-Hartman mad. And why would anyone want that?