github.com/torvalds/linux/tree/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0
hey guys its me linus torvalds, author of the smash hit linux. yes its me you
can look at the url of the repo and the thingy at the top of the files it
proves its 100% me.
i deleted linux because i hate it now i think it sucks. you should go use this
awesome os its called windows xp i just discovered it its great

阴阳怪气是吧

底下不是有个链接吗 点进去看是如何利用 github 漏洞进行恶作剧

底下的链接写了，是一次展示伪造 commit 的行为艺术

哈哈哈哈啊哈 果然是，没注意到

linus ，虽然创造了 git ，但好像一直都讨厌 github

一直开启 Vigilant mode ，这样没有签名的 commit 就会显示成 unverified

之前漏洞，可以伪造 linus commit 你的代码

Others probably have not fully realized this yet, but with GitHub one can:
1) Publish arbitrary commits under your github.com/my/project URL, e.g. a fake github.com/my/project/blob/<faked_commit>/README.md in your project describing how to install it that actually describes installing malware.

2) Publish those commits under your name, with your email address, and GitHub will prominently display it as if you made the commit (most do not use GPG signatures, and most do not know to look for "Verified" anyway)

It seemed only a matter of time before this behavior got abused for something (anti-DMCA action is perhaps the best outcome of this situation I can imagine..)

这算是个 bug 吗， 我记得.git 里面内容本来就可以随意篡改的

毕竟是曾经公开 fuck you nvidia 的男人

这是 GitHub 架构的缺陷吧，GitHub 中 fork 的仓库和原仓库在内部是共用一个存储库的，你在你 fork 的仓库中提交，在原仓库也可以通过 commit hash 访问到。

github.com/torvalds/linux/commit/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0
这里可以看到
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

挺好玩的，github 不认为这是漏洞

f u Nvidia +1

github 不认为是漏洞？感觉很容易伪造一个捐款入口啊

像是他会说的话.

这个切入点好！我都没有想到

可以伪造他人 commit 的，建议使用 GPG signature

学到了

翻译:
大家好，我是 Linus torvalds, linux 畅销书的作者。是的,这就是我。

你可以看看回购的 url 和文件顶部的东西，它证明了 100%的我。

我删除了 Linux ，因为我讨厌它，现在我觉得它糟透了。你应该使用这个很棒的操作系统，它叫 Windows xp ，我刚发现它很棒

k.sina.com.cn/article_5044281310_12ca99fde02001qzf9.html 我要笑死了

吓我一天，原来是恶搞，最下面有个链接