I don't dispute that the researchers were dishonest and broke the trust of the kernel maintainers. So they can be a bit peeved off at UMN. But is this sort of thing not the reality of their operation? That liars exist in the world? I don't really see what the volunteer part has to do with it. If anything it means they have less to complain about. I mean...most soldiers are volunteers, which would make it even more absurd, if someone signed up to be a soldier, and then whined and complained when enemy soldiers shot at him. It seems equally obvious to me, that an open network should be assumed to have malicious actors on it, as that a battlefield should be assumed to have enemies on it. Obviously you don't have to like the enemies.
I don't have internal info so this is just an hypothesis, but I think they absolutely do expect adversarial commits and if you tried to get something accepted today with no affiliation or anything you would need to talk to multiple maintainers and your commits would be under scrutiny.
Here the "contributors" had done multiple commits and were coming from a university that had previously upstreamed several commits. There was and should be an expectation of trust because you can't scrutinize every commit for several hours (they just don't have them enough maintainers for it).
You must trust contributors to your project to some extent. If you don't extend some trust, you can't have contributors. That level of trust is then adjusted off that base level based on experience.
It is perfectly reasonable to drop someone below your base level of trust if they lie to you. This doesn't necessarily mean that the base level of trust needs to be adjusted.
In this case, the review process caught all the known harmful commits (which were from anonymous emails so recieved base level trust) and thus the base line level of trust seems to be working.
