Readers: make sure you read the replies. This happened four days ago and has since been resolved.
this post was submitted on 04 Jun 2025
152 points (94.7% liked)
Linux
55762 readers
1394 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
Im a little unfamiliar with navigating this particular mailing list, where was this resolved?
I read through it by clicking the "next" link at the bottom. There isn't a single email explaining it; it's a story you have to read through to understand.
If you jump to the last message, it's someone saying they had the same issue.
But, TL;DR a tool kernel devs use has surprising behavior that's biting people, and can alter the commit history to be a pack of lies that looks suspiciously like malicious intent.
The thread doesn't mention how or if the tool has been changed. The tool is b4.
Towards the bottom of that page is a tree with all the replies in the chain.
Here is one where they determined it was not malicious by examining the ref logs
https://lore.kernel.org/all/20250601-pony-of-imaginary-chaos-eaa59e@lemur/
See 2025-06-01 14:40 from Konstantin Ryabitsev. Navigation is just below the post.
It's pretty annoying to read the mailing list, I agree. There's a very small hyperlink that says "next" that's right below the message body. If you click that, you can read the next message in the chain. Keep doing that until you get to the end, and yeah, it looks like this was resolved and wasn't actually malicious.
Good thing Linus remembers all his sha1 hashes
If you're not familiar with reading mailing lists or don't follow what is happening, Brodie Robertson on YT did a good video on this: https://youtu.be/GhfhzTDQdUU
TL;DR: Some tooling script caused the problem, but it initially seemed like a malicious pull request from kernel developer. It wasn't and the issue was resolved. The tooling script will be updated with better error messages so this kind of problem should be obvious when it occurs.
Brodie has a good read on the pulse of Linux, worth following if you want to keep up with linux news.
I got weirdly invested in this, and by the end I was kinda happy that it was "just" a bug in the tooling and not anything actually malicious.
> Welp, that precisely recreated it -- even identical shas! Looking at
> the b4 output, I do see a suspicious "39 commits" listed for some reason.
Well, that's the point where the user, in theory, goes "this is weird, why is
it 39 commits," and does Ctrl-C, but I'm happy to accept blame here -- we
should be more careful with this operation and bail out whenever we recognize
that something has gone wrong. To begin with, we'll output a listing of all
the commits that will be rewritten, just to make it more obvious when things
are about to go wrong.
> So, I assume the "git-filter-repo" invocation is what mangled it. I will
> try to dig into what b4 actually asked it to do in the morning...
Thanks for looking into this. Linus, this is accurate and I am 100% convinced
that there was no malicious intent. My apologies for being part of the mess
through the tooling.
I will reinstate Kees's account so he can resume his work.
-K
I have also been done in many times by git-filter-repo. My condolences to the chef.
I'll say here that one of the less discussed differences between git and Mercurial is that Mercurial does not allow commited history to be changed, and git does. Git users call this a "feature," and it leads to situations like this which are utterly impossible in Mercurial.
Git allows rewriting history by design. The kernel team uses it liberally. It is debatable whether this is a good thing, but it's one reason I stick with Mercurial.
Unless commits are signed, you can always rewrite history. No matter the tool. Extreme example demonstrating that this is possible is the fact that I can change my machine’s time, change my user name and reply the tool’s commands to construct whatever history I want.
If you have access to the actual files themselves you can even edit them with a text, binary, or hex editor depending on the format.
load more comments
(10 replies)
Wait was that Anubis without an anime girl? YOU MONSTERRRRS!
what's the reference here?
Anubis is an anti bot protection measure that gives your browser a proof-of-work challenge to solve before giving you access to the website. When I opened the link the website briefly showed Anubis but the anime girl mascot wasn't there 😭
I've used these tools to remove stuff from git history (e.g. someone accidentally committed a password or key that wasn't noticed for a while) and they are powerful but scary. Good discussion on what when wrong and how to avoid it or at least notice it before it gets this far
Rewriting history maybe should not have been the first cause of action, resetting the password would have been the sane option here.
Not judging though 😉
Love this guys, hope he lives forever!
WHOOOOOA. If Linus is not mistaken (doubtful), there wasn't an intrusion in the repo, or there wasn't some fucked up merge somewhere, this is crazy as hell. This is a huge deal. Good on Linus for catching it.
If you read the whole thread, it turns out to be an undesirable behaviour of a tool called b4, which was rewriting not just author information but committer information. The consensus seems to be that this tool needs to be updated not to do that.
It was in fact a microscopic deal. Linus overreacted. Lemmy and Reddit milked the drama.
Linus' tone was disproportionate, but he wasn't wrong. This could easily have been a compromised account trying to sneak code into the kernel.
His tone is almost always disproportionate. It’s just who he is.
If it was compromised account trying to sneak code into the kernel, the attacker wouldn’t rewrite history since that would be obviously flagged when Linus tries to merge the pull request; as demonstrated by Linus in fact noticing the rewritten history. There was virtually no chance that this was an attack.
Well, that's kind of his personality though. Just reading the message it seemed like quite an event though. The mailing list is generally very transactional and uneventful.
Well, that’s kind of his personality though.
Yes. Linus is known to overreact and use colourful language.
Linux Torvalds / Tim Apple
Pam from The Office: they are the same (picture)
Sorry, couldn't be bothered to fire up a meme generator for that joke
I
view more: next ›