Can Microsoft plant backdoor on Linux source in GitHub secretly? Linux repository - https://github.com/torvalds/linux |
Can Microsoft plant backdoor on Linux source in GitHub secretly? Linux repository - https://github.com/torvalds/linux |
Everybody would be able to see it. It might be hard to figure out, but you couldn't get away with it forever.
For that matter anybody who contributes to Linux could contribute a bad patch. Remember that a bad patch doesn't have to look like it has evil intent, it just looks like the author wasn't being careful with memory and... oops, there is a buffer overflow there.
Meaning: If someone altered the code on GitHub, the current trunks hash would change. Subsequently, if Torvalds tries to push to this repo, he would receive an error.
Of course MS could offer Torvalds one "version" of the git, and everyone else a "tampered version"; keeping the two in perfect sync. But since the kernel git is also located on other sites, this tampering would show up rather sooner than later.
Edit, some small nit-picking: I think this should be prefixed with "Ask HN:" ;)