代码伪造提交

Search documents
330个“假补丁”差点混入主线?Linus Torvalds暴怒开喷:立即封号,不可能是“无心之过”
3 6 Ke· 2025-06-04 12:30
Core Points - The Linux kernel development process is complex and involves collaboration among thousands of developers, which can lead to tense situations and conflicts [1] - During the Linux 6.16 merge window, Linus Torvalds expressed anger over suspicious submissions from Kees Cook, which included 330 pull requests that appeared to alter author information and forge merge history [2][3] - Linus accused Kees of malicious behavior, stating that the submissions were not simple errors but deliberate falsifications, and demanded an explanation and the removal of the affected code tree [4][6] Incident Details - The controversy arose when Linus noticed unusual Git operations in Kees's code tree, leading to accusations of malicious submissions [3][4] - Kees Cook responded by suggesting that a malfunctioning SSD might have caused the corrupted code tree and promised to rectify the situation [7] - Linus remained skeptical, emphasizing that the scale of the issue indicated a serious problem with Kees's scripts and operations [8] Resolution - The root cause was identified as an issue with the b4 tool, which Kees used for patch management, leading to unintended alterations in commit metadata [9] - Konstantin Ryabitsev, the Linux infrastructure maintainer, confirmed that Kees did not act with malice and proposed to restore Kees's account after addressing the tool's issues [9] - Linus agreed to the account restoration but insisted on modifications to the b4 tool to prevent future occurrences of similar issues [9] Community Reactions - Some developers criticized Linus for his aggressive response, arguing that it was unnecessary given the accidental nature of the incident [10] - Others defended Linus, highlighting the importance of maintaining strict oversight and accountability in the Linux kernel development process [10]