.png)
6 days ago
2
The Linux 6.16 merge window this weekend suffered an unexpected twist this weekend when Linus Torvalds noticed some unusual Git activity by a longtime Linux kernel developer. The issue is still being sorted through but it would appear that the possible malicious activity came down to some scripting issues around Git.
Unexpected Linux kernel mailing list drama came down to Linus Torvalds writing this message on Saturday after Linus Torvalds noticed a longtime developer "actively maliciously modified your tree completely. There are completely crazy commits in there that are entirely fake." Torvalds wrote:
"WTF, Kees?You seem to have actively maliciously modified your tree completely.
There are completely crazy commits in there that are entirely fake.
You have this: f8b59a0f90a2 Merge tag 'driver-core-6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core
which *claims* to be from me, and committed by me, but is very much not. It's some garbage you have entirely made up.
Yes, there is a real commit like that, but it's has the SHA1 ID of 9d230d500b0e.
And this isn't some kind of innocent rebasing mistake, because this actively lies about who committed it.
This is completely unacceptable.
I will now refuse to pull *anything* from you until you explain what the f&*^ you have been up to, because this looks like you have been doing actively bad things.
You need to nuke that tree, and come up with a good explanation for this kind of shit.
I'm cc'ing Konstantin, because I really think these kinds of games are COMPLETELY UNACCEPTABLE, and this is not the kind of behavior we can have on kernel.org accounts.
Konstantin - please disable Kees' account immediately until this is cleared up. Because this looks *malicious*."
Kees kernel.org account was immediately disabled after that. These unusual commits caught Kees by surprise as well and was to investigate while rebuilding his patches from a clean tree. Torvalds follow-up:
"Any normal git merge rebasing should re-write the committer. So to get the kinds of rewritten history that I saw, it almost has to be intentional. I don't see how that has happened by mistake.At a minimum there is some truly effed up scripting going on.
Because it wasn't just one or two commits, it was a whole slew of them. I mentioned one, but there were *thousands* of rewritten commits."
The latest on the Linux kernel mailing list at the moment is that it would appear b4 trailers and git-filter-repo is to blame with the scripting Kees had written around Git and b4. So at this stage it doesn't appear to be anything intentional/malicious but threw a wrench into the Linux 6.16 merge window this weekend. The investigation into how the Git tree got so mangled is still being looked at further.
