The two who wrote the paper, Kangjie Lu and Qiushi Wu, had the help of a third person, a student named Aditya Pakki, with Lu being the instructor for the project. They sent an "open letter to the Linux community" on 24 April, apologising for what they had done and claiming that they had noble goals for doing so.
But Kroah-Hartman gave them short shrift, saying: "As you know, the Linux Foundation and the Linux Foundation's Technical Advisory Board submitted a letter on Friday [23 April] to your University outlining the specific actions which need to happen in order for your group, and your University, to be able to work to regain the trust of the Linux kernel community.
"Until those actions are taken, we do not have anything further to discuss about this issue."
iTWire has contacted Kroah-Hartman to find out the details of the actions needed to get the University back in the kernel project's good books.
As already reported, the University group submitted patches that they knew were buggy to see how the kernel team reacted, so that students at the institution could write a research paper.
Linux creator Linus Torvalds told iTWire that while such a submission was not a huge deal, it was obviously a breach of trust.
But these patches sent by the University group will take time to be removed, as evidenced by one contributor, Sudip Mukherjee, who wrote to Kroah-Hartman on 21 April, pointing out that many of them had reached the stable kernel trees.
"A lot of these have already reached the stable trees," Mukherjee wrote to Kroah-Hartman. "I can send you revert patches for stable by the end of today (if your scripts have not already done it)."
Kroah-Hartman responded: "Yes, if you have a list of these that are already in the stable trees, that would be great to have revert patches, it would save me the extra effort this mess is causing us to have to do..."
In their letter, the University students and their instructor wrote, in part, "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a subject of our research, and to waste its effort reviewing these patches without its knowledge or permission.
"We just want you to know that we would never intentionally hurt the Linux kernel community and never introduce security vulnerabilities. Our work was conducted with the best of intentions and is all about finding and fixing security vulnerabilities."