Kees Cook's "hardening fixes" pull request for the 6.16 merge window looked like a straightforward exercise; it only contained four commits. So just about everybody was surprised when it resulted in Cook being temporarily blocked from his kernel.org account among fears of malicious activity. When the dust settled, though, the red alert was canceled. It turns out, surprisingly, that Git is a tool with which one can inflict substantial self-harm in a moment of inattention.
Kees Cook 提交的针对 6.16 合并窗口的 “hardening fixes”(加固修复)拉取请求看起来是个简单的工作,只包含了四个提交。因此,当这个请求导致 Cook 因疑似恶意行为而被暂时封禁 kernel.org 帐户时,几乎所有人都感到震惊。然而,尘埃落定之后,警报被取消。令人意外的是,Git 竟是一种在稍不留神的情况下就可能对自己造成严重伤害的工具。
Linus Torvalds reacted strongly to Cook's pull request after noticing that many of the commits found within it had been modified in strange ways. Git tracks both the author of a commit (the person who wrote the code), and the committer (the person who put that code into the repository). In this case, there were chang
扫一扫
743
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
