allwinner-zh / linux-3.4-sunxi

kernel 3.4 for sunxi platforms

Allwinner Technology committed to resolving Linux Kernel software issue #17

Open allwinner-zh opened 8 years ago

allwinner-zh commented 8 years ago

Allwinner Technology committed to resolving Linux Kernel software issue

Zhuhai, China - Allwinner Technology.Co.Ltd (SHE: CN:300458) is working with its device manufacturers to fix a current software issue. We are aware that code, which was supplied to device manufacturers for the purpose of developing products, should have been removed prior to shipping. We recommend that anyone who is concerned about this issue should contact the relevant device manufacturer.

In relation to the source code on Github, it is released for the open source community only and not for shipping certain devices. Since a debugging function is not needed it has subsequently been removed.

Allwinner is committed to producing quality SoCs with security a key priority. We are currently working hard to address this issue and revising our current processes so we can continue to evolve our range of SoCs in the future.

jomo commented 8 years ago

Context

jomo commented 8 years ago

Why was the history somewhat secretly rewritten after 38e3c9263effbcc278d53afc63329f368f563304 instead of simply making a new commit to remove the bug? (Compare old HEAD vs new HEAD history)

Apparently 1324 files have been changed by the force push, see diff.

I also noticed some weird things with this repository which I can't explain:

  1. After a clean clone, there's a list of modified files that can't be stashed
  2. The diff (see above) doesn't list the sunxi-debug.c file, although it is present in 55599b8209bb7150140e4d45ef460dbff6c876dd but not in 56c71e22a837652655ea64d99bc994fcd44b91fa. Even the patch file doesn't list it
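
A local way to check both observations without relying on the web diff, as an added example that is not part of the original thread: it tests whether the new head descends from the old one, and whether a path exists in each commit's tree. The repository, the tags `old-head` and `new-head`, and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. Repository, tags and file names are constructed placeholders.

# is_rewrite REPO OLD NEW: succeeds when NEW does not descend from OLD,
# i.e. the branch was rewritten rather than extended with new commits.
is_rewrite() {
    ! git -C "$1" merge-base --is-ancestor "$2" "$3"
}

# file_status REPO OLD NEW PATH: prints removed, added, both or neither,
# read from the commit trees themselves rather than from a rendered diff.
file_status() {
    in_old=no; in_new=no
    git -C "$1" cat-file -e "$2:$4" 2>/dev/null && in_old=yes
    git -C "$1" cat-file -e "$3:$4" 2>/dev/null && in_new=yes
    case "$in_old/$in_new" in
        yes/no)  echo removed ;;
        no/yes)  echo added ;;
        yes/yes) echo both ;;
        *)       echo neither ;;
    esac
}

# make_demo_repo DIR: constructed history. old-head contains debug.c;
# new-head is a rewritten root commit without it.
make_demo_repo() {
    repo=$1
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    git init -q "$repo"
    echo core > "$repo/core.c"
    git -C "$repo" add core.c && git -C "$repo" commit -q -m "import"
    echo debug > "$repo/debug.c"
    git -C "$repo" add debug.c && git -C "$repo" commit -q -m "add debug"
    git -C "$repo" tag old-head
    git -C "$repo" reset -q --hard HEAD~1      # drop the debug commit
    echo more >> "$repo/core.c"
    git -C "$repo" commit -q -a --amend -m "import (rewritten)"
    git -C "$repo" tag new-head
}

demo=$(mktemp -d)
make_demo_repo "$demo"
is_rewrite "$demo" old-head new-head && echo "new-head does not descend from old-head"
echo "debug.c: $(file_status "$demo" old-head new-head debug.c)"
rm -rf "$demo"
```

On a real clone, the two functions take the old and new commit ids in place of the tags; the old id has to be fetched or kept locally before it is garbage-collected upstream.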

Manouchehri commented 8 years ago

Dropping massive changes with no proper commits is what caused the backdoor to be missed in the first place. Rewriting history is a bad idea too, since it makes it look like you're trying to hide issues. (I'm not saying that's what actually happened, but that's what it looks like.)

Ideally Allwinner should adopt common Git practices like the rest of the open source industry, otherwise this is going to happen again.

Vdragon commented 8 years ago

I don't like this~(raising tone)

Keeping history intact is the only way to make users trust your code; hiding it just ruins your reputation.

sscholle commented 7 years ago

Unfortunately these guys are not great with software, let alone adhering to common practice. Got a board with their A64 chip, what a load of marketing nonsense. Bad software all-round.