- cross-posted to:
- linux@programming.dev
- cross-posted to:
- linux@programming.dev
You must log in or register to comment.
If you’re not familiar with reading mailing lists or don’t follow what is happening, Brodie Robertson on YT did a good video on this: https://youtu.be/GhfhzTDQdUU
TL;DR: Some tooling script caused the problem, but it initially seemed like a malicious pull request from kernel developer. It wasn’t and the issue was resolved. The tooling script will be updated with better error messages so this kind of problem should be obvious when it occurs.
Brodie has a good read on the pulse of Linux, worth following if you want to keep up with linux news.
I got weirdly invested in this, and by the end I was kinda happy that it was “just” a bug in the tooling and not anything actually malicious.
> Welp, that precisely recreated it -- even identical shas! Looking at > the b4 output, I do see a suspicious "39 commits" listed for some reason. Well, that's the point where the user, in theory, goes "this is weird, why is it 39 commits," and does Ctrl-C, but I'm happy to accept blame here -- we should be more careful with this operation and bail out whenever we recognize that something has gone wrong. To begin with, we'll output a listing of all the commits that will be rewritten, just to make it more obvious when things are about to go wrong. > So, I assume the "git-filter-repo" invocation is what mangled it. I will > try to dig into what b4 actually asked it to do in the morning... Thanks for looking into this. Linus, this is accurate and I am 100% convinced that there was no malicious intent. My apologies for being part of the mess through the tooling. I will reinstate Kees's account so he can resume his work. -KI have also been done in many times by git-filter-repo. My condolences to the chef.
Bring the anubis girl back!
Found the furry.
Wait was that Anubis without an anime girl? YOU MONSTERRRRS!
what’s the reference here?
Anubis is an anti bot protection measure that gives your browser a proof-of-work challenge to solve before giving you access to the website. When I opened the link the website briefly showed Anubis but the anime girl mascot wasn’t there 😭
WHOOOOOA. If Linus is not mistaken (doubtful), there wasn’t an intrusion in the repo, or there wasn’t some fucked up merge somewhere, this is crazy as hell. This is a huge deal. Good on Linus for catching it.
If you read the whole thread, it turns out to be an undesirable behaviour of a tool called b4, which was rewriting not just author information but committer information. The consensus seems to be that this tool needs to be updated not to do that.
why do they keep those email public?
They are a record of the process of adding to the Linux kernel. Such background can be used to trace the history of contributions if those contributions turn out to have had malicious intent or were derived from code that came from sources that were not compatible with the GNU license that the kernel is released under.
The thread reads like Git is just as awesome to use as one would suspect from the outside, even for the original target audience.
Once a user starts performing merges and trying to fix conflicts by hand, simplicity goes out the windows. It’s not git, but any tree system that has to track and merge content. Same thing would happen with any other tool if the user is trying to “recreate” revisions that had bad merges.