Hacker News new | past | comments | ask | show | jobs | submit login
Linux is now hosted on GitHub (github.com)
568 points by bpierre on Sept 5, 2011 | hide | past | web | favorite | 93 comments

For anyone pulling the kernel tree from github - here is how you can verify it.

linux-2.6 $ git pull git://github.com/torvalds/linux.git

linux-2.6 $ git fetch --tags git://github.com/torvalds/linux.git

linux-2.6 $ gpg --keyserver pgp.mit.edu --recv-keys 76E21CBB

linux-2.6 $ git verify-tag v3.1-rc5

gpg: Signature made Sun 04 Sep 2011 06:45:37 PM EDT using DSA key ID 76E21CBB gpg: Good signature from "Linus Torvalds (tag signing key) <torvalds@osdl.org>"

So how to we verify 76E21CBB?

gpg --check-sigs 76E21CBB

If you don't trust the key of anyone that has verified his key (which is true in my case), attend more signings.

pgp.mit.edu has a web interface which allows you to search based on email addresses. But more easily - since we can trust older commits - doing a git tag -v v3.0 will show you the key fingerprint which matches 76E21CBB.

Looks like he's using it as a temp place while master.kernel.org is down:


I wouldn't go so far as to say "hosted" on Github. It's probably just a mirror, and/or Linus playing around with Github. Linux already has a very strong hierarchy for managing patches, and I certainly don't see them moving to a proprietary platform.

Yes, everything is a mirror with git.

Look at his public activity [1]: comments, pull requests, issues… he is using GitHub, for real.

[1] https://github.com/torvalds

He is using comments, pull requests, and issues to develop diveclog, a relatively minor pet project, not Linux. As I said: Linux has its own infrastructure, and were Linus seriously considering a move to Github, there would be some announcement on a mailing list.

Which, this makes me wonder what will happen when someone forks "linux" and sends Linus a pull request. ;-)

We will soon have an answer, for sure! :-)

You already have it, at this time and in the foreseeable future the main linux repository is not hosted on github, only a mirror like gazillions others. For sure :-)

Reread the comment you responded to: It was not suggesting this is the new official Linux repo, as that was already addressed in grandparent's comment. The question under discussion was what linus would do with a pull request on github, so your smiling correction was unnecessary. For sure. :)

"Is there some way to just turn off github pull requests? They're all jokes." - https://github.com/torvalds/linux/pull/7#issuecomment-200563...

Won't mirroring a project show up in your public timeline? I'm mirroring Rainbows! (https://github.com/nilmethod/rainbows) and bits of it show up in my timeline when my mirror script fires off.

I don't think Linus would have any qualms about using proprietary stuff. c.f. the whole BitKeeper fiasco.

Huh? That's exactly why he would avoid proprietary stuff, and the reason why he developed git in the first place!

The reason he developed Git was that Tridge reverse-engineered BitKeeper protocol, hacked together a free BK client going explicitly against BK licensing terms. That created an unhealthy amount of controversy and started to affect the development - an unpleasant situation, which Linus in his holy torvaldness solved by writing a BK replacement. Not because he loves the GNU way, but because he hates counter-productive bickering and would rather write code than feed the flames. Ta-da.

Whoa, I didn't know the story of git beyond "Linus made it to manage the Linux kernel."

BitKeeper actually prohibits their customers from contributing to competing projects? They forced some guy to stop working on Mercurial in his free time because he used BitKeeper at work and they were afraid that he "might be moving BitKeeper technology into Mercurial." That's an impressive level of evil.

(See http://en.wikipedia.org/wiki/BitKeeper http://article.gmane.org/gmane.comp.version-control.mercuria... )

  BitKeeper actually prohibits their customers from contributing to competing projects?
Using the product to reverse-engineer a protocol to develop a free client is not 'contributing to a competing product'. Which is against their license (though that may be void because the law grants you reverse-engineering rights, no matter what a license says. Otherwise nothing could ever be reverse-engineered at all).

  they were afraid that he "might be moving BitKeeper technology into Mercurial."
That's entirely reasonable. If you have deep knowledge of how proprietary system A works and are hacking on free system B that purports to do the same thing, there is every chance you inadvertently include proprietary knowledge into your code for the free product. It's very hard to avoid using the knowledge you have.

Just to be clear:

a) I'm not talking about the reverse-engineering thing. Them wanting to shut that down is somewhat reasonable.

b) I don't think this guy had "deep knowledge of how [BitKeeper] works." He just used BitKeeper at his job. Most people who use git don't have a deep understanding of how it works. They just know how to make it manage their code. It feels pretty evil to me to provide a general development tool and put limitations on what any developer who uses it may do. What if Microsoft said in their license, "If you are a Windows user, you may not contribute to any other operating system."? We'd complain about how evil and anticompetitive Microsoft is.

in this case, saying "there's a chance" is the same as saying it's impossible to prove either which way.

It's a license, same as any other. Either you accept it or you don't. But if you do, then you're expected to be true to your word. Welshing on a deal, that's far more "evil" (a word that has totally lost any meaning on the Internet).

Alternatively, if you don't accept a license, then you are not bound to it. Which was reportedly the case here: http://www.groklaw.net/articlebasic.php?story=20050421023821...

Pfff. There are two types of agreeing to deals. One's for someone trying to use legal tricks to force you to do something unreasonable. Telling me that I may not look to see how something is done is not acceptable and is only "agreed to" because judges don't grok what a purchase is.

Don't expect people to be bound by forced promises.

If I was in a different societal context where I could say 'No', and you know, shoot someone if they got pushy about it, then I'd be truer to my word. But given that I can't there's no choice but to lie - I'm certainly not going to stop learning just because someone told me to to preserve his market share.

Also, the same thing applies to DRM removal, etc. Once I buy a product it's mine - be thankful I didn't just warez it in the first place.

As I understand it the problem was not that he "looked" but that he allegedly then incorporated what he saw into a rival product.

Also http://www.theregister.co.uk/2005/04/14/torvalds_attacks_tri...

Yeah, it's an idea. That's how they work.

This is extremely misleading. Tridge was not bound by BT's licensing terms so he could not have violated them.

git was developed because developers of BT stopped licensing it to Linux kernel developers with special terms, and Linus needed something as powerful.

I see it as Tridge simply accelerating the natural course of events, not actually causing them.

You should have watched the LCA talk where Tridge explained his reverse engineering.

He telneted the bk server and typed 'help'. It gave him a list of commands, and what they did.

LWN article on it: http://lwn.net/Articles/132938/

It's "really" hosted on Github(at least, for now): https://lkml.org/lkml/2011/9/4/92

Presumably just Linus playing around with Github? There's been a mirror for some time - https://github.com/mirrors/linux-2.6 and https://github.com/mirrors/linux

Would not be entirely surprised if the attack on kernel.org made the community (or even just Linus) investigate alternative hosting.

I know nothing important was compromised, but nobody likes to deal with being hacked. It's like being the victim in a car accident- insurance makes you whole, but the whole experience sucks all the same.

seriously though, do you think github.com, with thousands of valuable high profile private repositories and hundreds of fancy features and millions of users, would be a more secure place to host the Linux source code?

It's not about security- the kernel team has already explained the code itself is not vulnerable. Everything is signed by Linus, and hacking github does not a signed release make.

I may be naïve here, but is this suggesting security through obscurity is actually valid?

If it's on the net it's at risk.

Though I use Linux on daily basis, I see the source code for the first time.

That is one important contribution of Github, Bitbucket, Gitorious etc. to the open source world: the ability to browse a project's code instantly or near-instantly. Most SVN or CVS-based systems have an outdated, painful Web interface, buried under a thousand menus - assuming the project even sets one up to begin with. Even when you have a program installed on your computer, it's easier to browse the code on Github.

There was some article on the intertubes about how Github panders to devs, while Sourceforge panders to distributers.

You might be thinking of Zed Shaw's article "Launchpad vs. Github/SysAdmin vs. Coder": http://sheddingbikes.com/posts/1299555462.html

Yep, that's it.

The one thing I would disagree with is that Github's issue tracking still needs some serious love (although it has improved significantly since launch).

Mainly I would say that it works great for projects with relatively few contributors (like most Ruby gems), but seems to fall apart on very large projects (like Rails, who uses Lighthouse for issue tracking). Everything else about Github is amazing, though.

I think Github's issue tracker is the best around, now that search actually works. Very lightweight, and the integration with commits and pull requests is really nice.

dhh doesn't sound like he was ever a fan of Lighthouse: https://twitter.com/#!/dhh/status/63366853636009985

I would use it if it allowed groups to keep all of their issues in one place. Our organization has 20+ repos, so having 20+ bug trackers is pretty dumb. If they make a toplevel issue tracker, I think we'd switch to it.

Rails no longer uses lighthouse. They've been using GH issue for months.

Ah oops, it's been a little while since I jumped in there. Guess that's a good sign I need to find something to fix :)

I found the launchpad bzr code browser not to bad. Launchpad is also more project based then code based. The thing is that sourceforge and launchpad try to give you an overview of the project first while github show the code and a readme and maybe some wiki pages.

Most Java/Commercial has painful web interface. But smart people are using trac (Webkit, for example) or develop their own solution inspired by trac - code.google.com =)

Once again: trac is REALLY GOOD and no other project can compete for clarity and all other words form that UX crap. ^_^

Yeah...I've programmed Trac internals. The Trac code is an absolute nightmare to explore - very little API documentation, and they ship their own poorly-documented Web framework in Trac, not to mention the craziness that is the Zope component architecture. The UI's really not that great either - it's mostly the Trac derivatives like Redmine and Google Code that actually look nice.

Also, what does Webkit have to do with Trac?

Maybe if you use TextMate.

Emacs. Tag search. Problem: solved.

You poor poor soul!

My life has been infinitely enriched by the countless hours I've spent, many a dark night, in /usr/src/linux[1], with "Midnight Commander".

[1] A symlink, always a symlink.

Why do you make a specific point of the symlink?

Always a good idea to have things you build from source outside your /usr/src tree, and also named descriptively. Not just for stuff you build from source, but also other packages you admin yourself outside the distro package management (JDK comes to mind.)

I can think of a few reasons to build elsewhere like it being easier to do as a non-root user, and so you don't fill a system drive with experimentation, but I'm not quite sure I know specifically why you're saying so.

As for descriptive names, I agree.

Someone discovered a bug... https://github.com/torvalds/linux/issues/1

I feel bad for Linus. On Google+ and, now, at Github, he seems to attract irrelevant and foolish (mostly) and sometimes trollish comments. People seem to get starstruck and blabber whatever is on the tip of their tongue without thinking if Linus will even care to read it.

He probably wouldn't join these social networks if he wanted to avoid trolls. And they are probably nice change from LKMLs trolls :)

...and celebrities probably wouldn't fly on airplanes if they wanted to avoid paparazzi. Banning yourself from using things that your friends and colleagues are using is not a reasonable way to solve the problem that some people do not know how to behave themselves. :(

Apparently Linus removed the issues page.

Kinda sad. Github issues are great way to interact.

If you have bugs join the mailing list. Github issues are great (I use them too) but linux is a very large project with several bug trackers.

Kernel issues are tracked through distributions' bug trackers, bugzilla.kernel.org, and ultimately the mailing list.

It's gone 404 now, anyone have it in their cache?

Title from Google: "#1: can't run M$ office - Issues - torvalds/linux - GitHub". And yes, you can't delete issue on github.

I'm more amused by the people apparently taking him seriously (unless they're meta-trolling or something).


Kudos to Github. Hard to think of a better endorsement than that.

Endorsement? Linus said he threw it up on github as a temporary mirror to see if github is any good because kernel.org is down. It's more of a trial than an endorsement.

Endorsement is perhaps a bit strong, certainly good free publicity though.

I was wondering how long it would take for this to happen: https://github.com/torvalds/linux/pull/7#issuecomment-200563...

Days like today make me consider building from source. Until I sober up, anyway.

It's actually easier than you think (and quite fun.)

This page helped me a lot: https://help.ubuntu.com/community/Kernel/Compile#AltBuildMet...

It's really not that difficult.

In less than 3 hours he gained 300 watchers, I wouldn't doubt that it'll be become the most popular repo on Github.

Needs about 10,000 more to beat Rails.

I wonder why github's graphs page isn't available yet

The network graph makes for interesting viewing.

I suppose it comes as no surprise that Linux makes extensive use of Git's features.

Has anyone managed to view the Github Impact graph ?https://github.com/torvalds/linux/graphs/impact

It works in Firefox after continuing thru the "slow script" message a couple of times, but my WebKit browsers just crash or freeze.

I thought that Github wasn't accessible from all countries due to US export regulations.

Seems like Bill Gates already forked it: https://github.com/bill-gates/linux. Will Windows 8 be based on Linux?

Nope SteveJobs is still working on it... https://github.com/stevejobs/Windows-8

Should be a good test of github's infrastructure.

I'd be surprised if linux has more people hacking on it than RoR does.

Hosting the kernel git repositories has many more implications than simply managing a raw number of contributors. The kernel repostiory and source is much, much larger than Ruby on Rails.

in which sense? I have yet to see an argument why it would be more of a "test of GH's infrastructure" than RoR.

The kernel source has about 10 times more files. The total filesize is about 10 times larger as well.

  linux-3.1-rc3$ ls -R -l |wc -l
  linux-3.1-rc3$ du -h -s

  rails$ ls -R -l |wc -l
  rails$ du -h -s
  59M	.

If you mean hacking on it using github, sure. Otherwise, https://lwn.net/Articles/451243/

yes, I meant hacking on it when I said "hacking on it".

It definitely does, Linux is used by far more people than Ruby on Rails is.

I'm not sure that usage indicates even rough numbers of hackers. Hacking OS code is a bit more daunting than hacking RoR code (at least in popular opinion), therefore I would think that more users of RoR are likely to hack on it.

That said, Linux is a huge project with tons of contributors.

I suspect it's likely to be:

RoR: Large number of contributors with relatively small patches, few full time contributors who are paid just to work on RoR.

Linux: Possibly smaller number of overall contributors but supplying more patches each, and more patches in total. More contributors who are paid to work on the kernel on a full or part time basis.

The numbers for the kernel are well known (and they are hard to beat for any open source projects): https://lwn.net/Articles/395961/ (for every version ~1.1k devs and around 10k changesets)

Indeed. I don't recall the exact numbers, though I've heard both Linux and RoR numbers, I think that Linux has factors more developers committing to it than RoR.

Linux is, perhaps, the most rapidly changing piece of software in existence

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact