Practical guide: Hardening fixes lead to hard questions
Kees Cook's "hardening fixes" pull request for the 6.16 merge window looked like a straightforward exercise; it only contained four commits. So just about everybody was surprised when it resulted in Cook being temporarily blocked from his kernel.org account amid fears of malicious activity. When the dust settled, though, the red alert was canceled. It turns out, surprisingly, that Git is a tool with which one can inflict substantial self-harm in a moment of inattention.
Linus Torvalds reacted strongly to Cook's pull request after noticing that many of the commits found within it had been modified in strange ways. Git tracks both the author of a commit (the person who wrote the code), and the committer (the person who put that code into the repository). In this case, there were changes that claimed to have been committed by Torvalds, but they were actually rewritten (but unmodified beyond the metadata) versions of his commits with different SHA IDs. Torvalds said: "You seem to have actively maliciously modified your tree completely", implying that some sort of deliberate, underhanded change
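Why a metadata-only rewrite yields different SHA IDs, shown as an added example that is not from the original article or from any kernel tooling: it serializes commit objects the way Git hashes them (SHA-1 object format) and flags branch commits that carry upstream content under a new ID. The names, trees and timestamps are constructed sample data, and `make_chain` and `find_rewritten` are hypothetical helpers.

```python
import hashlib

def commit_id(tree, parents, author, committer, message):
    """SHA-1 commit ID: hash of the object header plus the serialized commit."""
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {author}", f"committer {committer}", "", message]
    body = "\n".join(lines).encode()
    return hashlib.sha1(b"commit %d\x00" % len(body) + body).hexdigest()

def make_chain(commits):
    """Assign IDs to a linear history; each commit's parent is the previous ID."""
    out, parent = [], None
    for c in commits:
        cid = commit_id(c["tree"], [parent] if parent else [], c["author"],
                        c["committer"], c["message"])
        out.append({**c, "id": cid})
        parent = cid
    return out

def find_rewritten(upstream, branch):
    """Return (upstream_id, branch_id) pairs that share tree, author and
    message but not the commit ID, i.e. rewritten copies of upstream commits."""
    known_ids = {c["id"] for c in upstream}
    by_content = {(c["tree"], c["author"], c["message"]): c["id"] for c in upstream}
    pairs = []
    for c in branch:
        orig = by_content.get((c["tree"], c["author"], c["message"]))
        if orig and c["id"] not in known_ids:
            pairs.append((orig, c["id"]))
    return pairs

# Constructed sample history (names, trees and timestamps are made up).
A = "Alice Author <alice@example.org> 1700000000 +0000"
M = "Mona Maintainer <mona@example.org> 1700000500 +0000"
UPSTREAM = make_chain([
    {"tree": "1" * 40, "author": A, "committer": M, "message": "first change\n"},
    {"tree": "2" * 40, "author": A, "committer": M, "message": "second change\n"},
])
# Rewritten copy: only the first commit's committer timestamp differs. The
# second commit is field-for-field identical, yet its parent ID has changed.
M2 = M.replace("1700000500", "1700009999")
REWRITTEN = make_chain([{**UPSTREAM[0], "committer": M2}, UPSTREAM[1]])

if __name__ == "__main__":
    for old, new in find_rewritten(UPSTREAM, REWRITTEN):
        print(f"{old[:12]} was rewritten as {new[:12]}")
```

Both commits are reported: the second one has unchanged author, committer, tree and message, but its ID changes because the parent it points to was rewritten.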