Permalink
Browse files

Pretend to be Linus

  • Loading branch information...
torvalds committed Feb 6, 2016
1 parent 3e383ef commit e5cfe4bb2190a2ae406d5f0b8f49c32ac0f01cd7
Showing with 4 additions and 0 deletions.
  1. +4 −0 README.md
View
@@ -1,5 +1,7 @@
# git-blame-someone-else

This comment has been minimized.

Show comment
Hide comment
@rishdang

rishdang Feb 7, 2016

awesome

This comment has been minimized.

Show comment
Hide comment
@zidein07

zidein07 Feb 10, 2016

image

This comment has been minimized.

Show comment
Hide comment
@Bengt

Bengt Feb 11, 2016

On the door stands something like "For Sale" and a telephone number. .. So I suspect the joke here is, that the telephone is not the actual owner of the garage, but some pranked friend of the author. That guy will now get calls regarding a garage he never heard of. Analogously Linus Torvalds is being talked about in this commit, while GitHub is responsible for not validating the commit authors.

@Bengt

Bengt Feb 11, 2016

On the door stands something like "For Sale" and a telephone number. .. So I suspect the joke here is, that the telephone is not the actual owner of the garage, but some pranked friend of the author. That guy will now get calls regarding a garage he never heard of. Analogously Linus Torvalds is being talked about in this commit, while GitHub is responsible for not validating the commit authors.

This comment has been minimized.

Show comment
Hide comment
@alexshpilkin

alexshpilkin Feb 2, 2018

@Bengt Your translation is correct. Also, garages for sale were so ubiquitous at some point in ex-USSR (and still are in some places) that posting “Garage for sale” in a random unrelated thread has become a running gag.

@alexshpilkin

alexshpilkin Feb 2, 2018

@Bengt Your translation is correct. Also, garages for sale were so ubiquitous at some point in ex-USSR (and still are in some places) that posting “Garage for sale” in a random unrelated thread has become a running gag.

> "I love git-blame-someone-else!!" -Linus Torvalds[^linus]

This comment has been minimized.

Show comment
Hide comment
@kailan

kailan Feb 7, 2016

i call hax

@kailan

kailan Feb 7, 2016

i call hax

This comment has been minimized.

Show comment
Hide comment
## Install
```bash
@@ -19,3 +21,5 @@ $ git blame-someone-else <author> <commit>
## Disclaimer:
This changes not only who authored the commit but the listed commiter as well. It also is something I wrote as a joke, so please don't run this against your production repo and complain if this script deletes everything.
[^linus]: Linus Torvalds didn't really approve of this. It's a joke to prove it works.

This comment has been minimized.

Show comment
Hide comment
@benmonro

benmonro Feb 8, 2016

I feel this line is unnecessary and extraneous. Consider deleting it.

@benmonro

benmonro Feb 8, 2016

I feel this line is unnecessary and extraneous. Consider deleting it.

This comment has been minimized.

Show comment
Hide comment
@solidsnack

solidsnack Feb 8, 2016

It will be helpful to archeologists.

@solidsnack

solidsnack Feb 8, 2016

It will be helpful to archeologists.

50 comments on commit e5cfe4b

@TheEndHo

This comment has been minimized.

Show comment
Hide comment
@TheEndHo

TheEndHo Feb 7, 2016

I love knowing I can put this d on a certain broad anytime I want....#committed

I love knowing I can put this d on a certain broad anytime I want....#committed

@liamja

This comment has been minimized.

Show comment
Hide comment
@liamja

liamja Feb 7, 2016

👌👀👌👀👌👀👌 👀 good shit go౦ԁ sHit👌 thats ✔️ some good👌👌shit right👌👌there👌👌👌 right✔️there ✔️✔️if i do ƽaү so my self 💯 i say so 💯 thats what im talking about right there right there (chorus: ʳᶦᵍʰᵗ ᵗʰᵉʳᵉ) mMMMMᎷМ💯 👌👌 👌НO0ОଠOOOOOОଠଠOoooᵒᵒᵒᵒᵒᵒᵒᵒᵒ👌 👌👌 👌 💯 👌 👀 👀 👀 👌👌Good shit

👌👀👌👀👌👀👌 👀 good shit go౦ԁ sHit👌 thats ✔️ some good👌👌shit right👌👌there👌👌👌 right✔️there ✔️✔️if i do ƽaү so my self 💯 i say so 💯 thats what im talking about right there right there (chorus: ʳᶦᵍʰᵗ ᵗʰᵉʳᵉ) mMMMMᎷМ💯 👌👌 👌НO0ОଠOOOOOОଠଠOoooᵒᵒᵒᵒᵒᵒᵒᵒᵒ👌 👌👌 👌 💯 👌 👀 👀 👀 👌👌Good shit

@gdi2290

This comment has been minimized.

Show comment
Hide comment

@thassiov

This comment has been minimized.

Show comment
Hide comment
@thassiov

thassiov Feb 7, 2016

What have you done

What have you done

@kolobus

This comment has been minimized.

Show comment
Hide comment
@kolobus

kolobus Feb 7, 2016

fun comment

fun comment

@paulwalko

This comment has been minimized.

Show comment
Hide comment
@paulwalko

paulwalko Feb 7, 2016

get rekt m8

get rekt m8

@mobjohnson

This comment has been minimized.

Show comment
Hide comment

Wow

@ChristopherKing42

This comment has been minimized.

Show comment
Hide comment
@ChristopherKing42

ChristopherKing42 Feb 8, 2016

The greatest part is that it even has his picture.

The greatest part is that it even has his picture.

@mach-kernel

This comment has been minimized.

Show comment
Hide comment
@mach-kernel

mach-kernel Feb 8, 2016

your message has formatting -10 for mailing list style

your message has formatting -10 for mailing list style

@dblotsky

This comment has been minimized.

Show comment
Hide comment
@dblotsky

dblotsky Feb 8, 2016

And that, friends, is why commits use SHA-1. -1 point for not faking the commit IDs staying the same in the demo.

And that, friends, is why commits use SHA-1. -1 point for not faking the commit IDs staying the same in the demo.

@eean

This comment has been minimized.

Show comment
Hide comment
@eean

eean Feb 8, 2016

The git shas do not solve any issues around this. The Linux kernel folks sign their commits to prove authorship. Github keeps track of who pushes commits, but it certainly isn't made clear here.

eean replied Feb 8, 2016

The git shas do not solve any issues around this. The Linux kernel folks sign their commits to prove authorship. Github keeps track of who pushes commits, but it certainly isn't made clear here.

@Sadhanandh

This comment has been minimized.

Show comment
Hide comment

+1 (Github should add a like button)

https://github.com/dear-github/dear-github

@jasonm23

This comment has been minimized.

Show comment
Hide comment
@jasonm23

jasonm23 Feb 8, 2016

👍

@Sadhanandh (use :+1:)

👍

@Sadhanandh (use :+1:)

@spacanowski

This comment has been minimized.

Show comment
Hide comment

evil

@muminoff

This comment has been minimized.

Show comment
Hide comment

👍

@dblotsky

This comment has been minimized.

Show comment
Hide comment
@dblotsky

dblotsky Feb 8, 2016

@eean, you're right: there is nothing outside of signing that can stop a commit from looking like it was originally made by someone else. However the demo showed rewriting a previous commit, which is what I was referring to. Assuming that all commits are reviewed (and SHAs are written down) in public before they're pulled in (i.e. where impersonation would be detected), changes after the fact are detectable.

@eean, you're right: there is nothing outside of signing that can stop a commit from looking like it was originally made by someone else. However the demo showed rewriting a previous commit, which is what I was referring to. Assuming that all commits are reviewed (and SHAs are written down) in public before they're pulled in (i.e. where impersonation would be detected), changes after the fact are detectable.

@bgeron

This comment has been minimized.

Show comment
Hide comment
@bgeron

bgeron Feb 8, 2016

Assuming that all commits are reviewed (and SHAs are written down) in public before they're pulled in (i.e. where impersonation would be detected), changes after the fact are detectable.

That said, in 10 years a SHA1 collision should cost about $100, and with a smarter tool you might not even need to rebase any longer. The public SHA1s might work for the rewritten history.

(Currently a collision costs about $100k; I'm assuming computation per unit energy will increase according to Moore's law and also that the collisions are of a suitable kind which I didn't check.)

Assuming that all commits are reviewed (and SHAs are written down) in public before they're pulled in (i.e. where impersonation would be detected), changes after the fact are detectable.

That said, in 10 years a SHA1 collision should cost about $100, and with a smarter tool you might not even need to rebase any longer. The public SHA1s might work for the rewritten history.

(Currently a collision costs about $100k; I'm assuming computation per unit energy will increase according to Moore's law and also that the collisions are of a suitable kind which I didn't check.)

@sleeptillseven

This comment has been minimized.

Show comment
Hide comment
@sleeptillseven

sleeptillseven Feb 8, 2016

I will put Linus all over my projects now!

I will put Linus all over my projects now!

@iguchi1124

This comment has been minimized.

Show comment
Hide comment

👍

@akhilesharora

This comment has been minimized.

Show comment
Hide comment

Awesome ;)

@egeste

This comment has been minimized.

Show comment
Hide comment
@egeste

egeste Feb 8, 2016

This is why I sign my commits.

This is why I sign my commits.

@andre-amorim

This comment has been minimized.

Show comment
Hide comment
@DCruz22

This comment has been minimized.

Show comment
Hide comment
@DCruz22

DCruz22 Feb 8, 2016

I think Linus Torvalds would be like:
l2fdwg1

I think Linus Torvalds would be like:
l2fdwg1

@NamPNQ

This comment has been minimized.

Show comment
Hide comment
@NamPNQ

NamPNQ Feb 9, 2016

I will put Linus all over my projects now!

I will put Linus all over my projects now!

@DharmeshPandav

This comment has been minimized.

Show comment
Hide comment
@DharmeshPandav

DharmeshPandav Feb 9, 2016

wow !! evil sorcery

wow !! evil sorcery

@Bengt

This comment has been minimized.

Show comment
Hide comment
@Bengt

Bengt Feb 9, 2016

Ironically, the Linux kernel is not on GitHub for this very reason: Commit signing is not implemented in the web interface. Maybe GitHub will recognise the need for this feature now, that tools to exploit it are readily available.

Bengt replied Feb 9, 2016

Ironically, the Linux kernel is not on GitHub for this very reason: Commit signing is not implemented in the web interface. Maybe GitHub will recognise the need for this feature now, that tools to exploit it are readily available.

@dolohow

This comment has been minimized.

Show comment
Hide comment
@dolohow

dolohow Feb 9, 2016

@Bengt: Actually the reason is different.

@Bengt: Actually the reason is different.

@Bengt

This comment has been minimized.

Show comment
Hide comment
@dolohow

This comment has been minimized.

Show comment
Hide comment
@dolohow

dolohow Feb 9, 2016

@Bengt: Sorry, my bad. I thought the primary reason is that Github is proprietary and PRs not scale for large projects.

@Bengt: Sorry, my bad. I thought the primary reason is that Github is proprietary and PRs not scale for large projects.

@Bengt

This comment has been minimized.

Show comment
Hide comment
@Bengt

Bengt Feb 9, 2016

@dolohow No problem, you are actually right on a the high level problem. The Linux kernel used the proprietary BitKeeper for a long time and only moved away, because of actual legal reasons and not out of principle. My guess would be that the Linux kernel would move to GitHub if the technical issues were to be adressed.

The Linux kernel is large in the sense that many people use it on many systems that in turn have direct influence on even more people. So the relevant characteristic is importance rather than size of the code base. Because it matters who authored a commit to the Linux kernel and what he or she intended with it, clean and authentic commit messages are a must-have.

Bengt replied Feb 9, 2016

@dolohow No problem, you are actually right on a the high level problem. The Linux kernel used the proprietary BitKeeper for a long time and only moved away, because of actual legal reasons and not out of principle. My guess would be that the Linux kernel would move to GitHub if the technical issues were to be adressed.

The Linux kernel is large in the sense that many people use it on many systems that in turn have direct influence on even more people. So the relevant characteristic is importance rather than size of the code base. Because it matters who authored a commit to the Linux kernel and what he or she intended with it, clean and authentic commit messages are a must-have.

@ushuz

This comment has been minimized.

Show comment
Hide comment
@ushuz

ushuz Feb 10, 2016

Nice one!

Nice one!

@jgavinray

This comment has been minimized.

Show comment
Hide comment
@jgavinray

jgavinray Feb 10, 2016

Jay that's amazing!

Jay that's amazing!

@rShetty

This comment has been minimized.

Show comment
Hide comment

👍

@laverix

This comment has been minimized.

Show comment
Hide comment

👍

@TopOneOfTopOne

This comment has been minimized.

Show comment
Hide comment

Fake and gay

@booxood

This comment has been minimized.

Show comment
Hide comment

Mark~

@raegen

This comment has been minimized.

Show comment
Hide comment
@raegen

raegen Feb 10, 2016

git goes all reddit

git goes all reddit

@yvettec

This comment has been minimized.

Show comment
Hide comment
@kotAPI

This comment has been minimized.

Show comment
Hide comment
@kotAPI

kotAPI Feb 12, 2016

HAHAHA , things people do on GitHub

I think we need to make sure this reaches Linus!!

HAHAHA , things people do on GitHub

I think we need to make sure this reaches Linus!!

@backslash-f

This comment has been minimized.

Show comment
Hide comment

🙊

@roham

This comment has been minimized.

Show comment
Hide comment
@ClaytonSmith

This comment has been minimized.

Show comment
Hide comment
@ClaytonSmith

ClaytonSmith Feb 17, 2016

YAAAAAAAAAAAAAAAAAAAAAAAAAASSSSSSSSSSSSSSSSSSS

YAAAAAAAAAAAAAAAAAAAAAAAAAASSSSSSSSSSSSSSSSSSS

@hayderimran7

This comment has been minimized.

Show comment
Hide comment

tips fedora

@SerCeMan

This comment has been minimized.

Show comment
Hide comment

👍

@arrowrowe

This comment has been minimized.

Show comment
Hide comment

GitHub has got GPG signature verification now 😆

GitHub's Verified Commits Screenshot

@inkedawn

This comment has been minimized.

Show comment
Hide comment
@inkedawn

inkedawn Apr 10, 2016

Frighten me hurriedly to configure the GPG signature 🐶

Frighten me hurriedly to configure the GPG signature 🐶

@ResidentMario

This comment has been minimized.

Show comment
Hide comment
@ResidentMario

ResidentMario Apr 18, 2016

The blog post doesn't mention it, but I don't see any way around their deciding to implement this feature right now stemming from this demo right here.

The blog post doesn't mention it, but I don't see any way around their deciding to implement this feature right now stemming from this demo right here.

@MarounMaroun

This comment has been minimized.

Show comment
Hide comment
@MarounMaroun

MarounMaroun Mar 28, 2018

I've just discovered this thread. I guess I'll be here for hours now..

I've just discovered this thread. I guess I'll be here for hours now..

@NuLL3rr0r

This comment has been minimized.

Show comment
Hide comment
@NuLL3rr0r

NuLL3rr0r Jun 10, 2018

I found this repo through this reddit post.

I found this repo through this reddit post.

Please sign in to comment.