Or maybe they stole linus' key? Anyone cloned the repository before it was deleted? If so, i think the repo could help in figuring out how it was done.
Is this a new kernel, or a new OS (yes, I'm aware the original Linux announcement called it a 'new OS').
Most of the things I dislike about 'Linux' are OS-level inconsistencies, particularly that most user-land tools implement their own config file formats rather than using an existing one.
systemd is a notable exception, as it re-used the .desktop format for .service.
I shouldn't disclose how this was done until it is fixed. It seems github is unhappy with how this turned out, but I hope they fix it soon. I have already written a personal apology to Linus, and also, apologies if I have offended anyone else.
"Look, I can create a commit with someone elses e-mail address, and GitHub will think it was actually theirs!"
Of course, the question is: is there any way to prevent this in a simple way? Given anyone can push the final commit, you would need some sort of commit signing, but that sounds more pain than it's really worth.
The repository was not created by Linus. It was a Github security exploit discovered by a friend of mine. Apparently he had contacted Github before exploiting but they didn't show any interest in fixing the issue. There should be a clarification from him soon.
> Apparently he had contacted Github before exploiting but they didn't show any interest in fixing the issue.
If this is true... sounds like business as usual at github. I don't get it, it's not the first time they refused to do jack shit and proactively fix reported security issues before they were used in a high-profile demo exploit.
Then again, it doesn't impact their bottom line since nobody switches or cares when that happens aside from a few days of noise, so why would they?
60 comments
[ 3.1 ms ] story [ 120 ms ] threadWTF?
http://www.thelinuxdaily.com/2010/04/the-first-linux-announc...
Here's a diff between the two: http://paste.ubuntu.com/6504013/
Or maybe they stole linus' key? Anyone cloned the repository before it was deleted? If so, i think the repo could help in figuring out how it was done.
Oops, docs say you're right, i didn't think of that.
Even though it seems like Torvalds is starting a new project, he might as well be just teasing and later pull in the Linux 3.13-14 tree.
Heh.
Most of the things I dislike about 'Linux' are OS-level inconsistencies, particularly that most user-land tools implement their own config file formats rather than using an existing one.
systemd is a notable exception, as it re-used the .desktop format for .service.
Are we getting trolled?
Good thing someone thought to fix it: https://github.com/torvalds/linux-ng/pull/4
I was browsing Linus's repositories at the time and it disappeared mid-load.
https://github.com/d-snp/linux-ng/commit/b71ef5e3b1caa61dac0...
edit: I accept PR's though, let's make a big list of likes/dislikes and slap him with it ;)
Of course he does. He does not accept github pull requests, for reasons he's explained at length in, amongst others, https://github.com/torvalds/linux/pull/17
I shouldn't disclose how this was done until it is fixed. It seems github is unhappy with how this turned out, but I hope they fix it soon. I have already written a personal apology to Linus, and also, apologies if I have offended anyone else.
>We consider correspondence sent to security@github.com our highest priority, and work to address any issues that arise as quickly as possible.
[1]: https://help.github.com/articles/responsible-disclosure-of-s...
Of course, the question is: is there any way to prevent this in a simple way? Given anyone can push the final commit, you would need some sort of commit signing, but that sounds more pain than it's really worth.
Then again, this just moves it from clever joke to irony. I'll take it.
If this is true... sounds like business as usual at github. I don't get it, it's not the first time they refused to do jack shit and proactively fix reported security issues before they were used in a high-profile demo exploit.
Then again, it doesn't impact their bottom line since nobody switches or cares when that happens aside from a few days of noise, so why would they?
Apparently not:
"I shouldn’t have exploited it before reporting, so apologies if I have offended anyone."
http://vikraman.org/posts/2013/12/1/linux-ng.html