Today I saw a rumor in the community that Linus Torvalds participated in the $zailgo project, along with a GitHub link https://github.com/notwedtm/zailgo.

I was quite surprised to see this news. Who is Linus Torvalds? Let's take a look at the introduction on Wikipedia:

Linus Torvalds is the author of the Linux kernel and also the creator of the open-source project Git. It is truly puzzling how such an ancient giant would come to participate in a small project in web3. The truth is always singular; let's find it out.

First, let's click on "commit" to see what the giant submitted:

Upon clicking, we find that the status of this commit is "Unverified," indicating that this submission has not been verified.

By clicking on this status, we can also see a prompt that Linus Torvalds did not sign it with his public key.

So how is such a submission forged? It's actually quite simple. The person recording the commit information on GitHub only needs fields like GITAUTHORNAME, GITAUTHOREMAIL, etc. Can we forge this information?

Let's conduct an experiment by setting the relevant environment variables, all of which are publicly available information about Linus Torvalds:

export GITAUTHORNAME="Linus Torvalds"

export GITAUTHOREMAIL="linus@example.com"

export GITCOMMITTERNAME="Linus Torvalds"

export GITCOMMITTEREMAIL="linus@example.com"

Then we can randomly change some content in the source file and commit it. Let's see what the log shows:

The top entry is my test information, and we can see that the author information in the log has changed to Linus Torvalds. At this point, if I were to submit, it would show that Linus Torvalds participated in this project on GitHub. The second entry is the forged information we currently see on GitHub.

So how can we determine if a submission is forged? Here are a few methods:

1. We can click on the commit to see the current status of the submission. If it is a real submission, there will be nothing in the status; if it is forged, it will show "Unverified" as above.

2. We can also go to Linus Torvalds' GitHub homepage to see what projects he has contributed to. His GitHub is https://github.com/torvalds. In the "Contribution activity," we can see that he has not participated in the zailgo project.

3. The project administrator can see detailed commit logs, and at that point, the forger's information can also be discovered, but we do not have administrative privileges.

The zailgo project is a good project, and forging information for publicity is unacceptable. Everyone should be cautious not to be deceived by such false news.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。