Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allwinner Technology committed to resolving Linux Kernel software issue #17

Open
allwinner-zh opened this issue May 12, 2016 · 5 comments
Open

Allwinner Technology committed to resolving Linux Kernel software issue #17

allwinner-zh opened this issue May 12, 2016 · 5 comments

Comments

@allwinner-zh
Copy link
Owner

Allwinner Technology committed to resolving Linux Kernel software issue

Zhuhai, China - Allwinner Technology.Co.Ltd (SHE: CN:300458) is working with its device manufacturers to fix a current software issue. We are aware that code, which was supplied to device manufacturers for the purpose of developing products, should have been removed prior to shipping. We recommend that anyone who is concerned about this issue should contact the relevant device manufacturer.

In relation to the source code on Github, it is released for the open source community only and not for shipping certain devices. Since a debugging function is not needed it has subsequently been removed.

Allwinner is committed to producing quality SoC’s with security a key priority. We are currently working hard to address this issue and revising our current processes so we can continue to evolve our range of SoC’s in the future.
@jomo
Copy link

jomo commented May 12, 2016

Context

@jomo
Copy link

jomo commented May 12, 2016

Why was the history somewhat secretly rewritten after 38e3c92 instead of simply making a new commit to remove the bug? (Compare old HEAD vs new HEAD history)

Apparently 1324 files have been changed by the force push, see diff.

I also noticed some weird things with this repository which I can't explain:

  1. After a clean clone, there's a list of modified files that's can't be stashed
  2. The diff (see above) doesn't list the sunxi-debug.c file, although it is present in 55599b8 but not in 56c71e2. Even the patch file doesn't list it

@Manouchehri
Copy link

Manouchehri commented May 12, 2016
edited
Loading

Dropping massive changes with no proper commits is what caused the backdoor to be missed in the first place. Rewriting history is a bad idea too, since it makes it look like you're trying to hide issues. (I'm not saying that's what actually happened, but that's what it looks like.)

Ideally Allwinner should adopt common Git practices like the rest of the open source industry, otherwise this is going to happen again.

@Vdragon
Copy link

Vdragon commented May 14, 2016
edited
Loading

I don't like this~(raising tone)

Keeping history intact is the only way to make user trust your code, hiding it just ruins your reputation.

@sscholle
Copy link

Unfortunately these guys are not great with software, let alone adhering to common practice. Got a board with their A64 chip, what a load of marketing nonsense. Bad software all-round.

@Manouchehri Manouchehri mentioned this issue Mar 28, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Vdragon @sscholle @jomo @Manouchehri @allwinner-zh