I mean...there is a whole discussion about the questionable ethics of the research methods in the verge article. And human subjects and issues-of-consent questions aside, they are also messing with a mission critical system (linux kernel), and apparently left crappy code in there for all the maintainers to go back and weed out.

▲

jovial_cavalier 12 hours ago | parent [-]

1) once hypocrite commits were accepted, the authors would immediately retract them

2) I don't think it's unethical to send someone an email that has bad code in it. You shouldn't need an IRB to send emails.

▲

wtallis 12 hours ago | parent | next [-]

> I don't think it's unethical to send someone an email that has bad code in it.

It's unethical because of the bits you left out: sending code you know is bad, and doing so under false pretenses.

Whether or not you think this rises to the level of requiring IRB approval, surely you must be able to understand that wasting people's time like this is going to be viewed negatively by almost anyone. Some people might be willing to accept that doing this harm is worth it for the greater cause of the research, but that doesn't erase the harm done.

	▲	mmooss 3 hours ago \| parent [-]
		Bad code is wasting time; investigating the security of Linux code approval is a good use of time.

▲

AlotOfReading 12 hours ago | parent | prev [-]

1) How did they hit stable then? [0]

2) Yes, emails absolutely need IRB sign-off too. If you email a bunch of people asking for their health info or doing a survey, the IRB would smack you for unapproved human research without consent. Consent was obviously not given here.

[0] https://lore.kernel.org/linux-nfs/CADVatmNgU7t-Co84tSS6VW=3N...