From the ‘Ok, maybe Kernel.org is better for Linux’ files:
Earlier this week, I blogged about my hope for Linux moving permanently to Github. I’m a huge fan of github and it works well for me and tens of thousands of others.
But as it turns out, it doesn’t work out to be the best choice for Linux kernel development.
This week, Linus Torvalds has already posted multiple messages to LKML which show the problems with Github as it currently exists.
“Guys, when using some general git hosting site, I really want some proof that you are you. Not just a “please pull”,” Torvalds wrote. “
Tell me *why* I should believe that this is a real pull request from the proper source. Otherwise I’ll just wait until kernel.org is back to life, where random people can’t just create repositories and send email.”
That’s a problem isn’t it?
Github’s great strength is that it has no barriers to entry. But that strength is also a risk when you can’t verify authenticity of ownership. Yes there are solutions.
Sure github could enforce some kind of crypto signature setup or other common type of identity authentication, it’s not that hard. I suppose this is a time-based problem.
If kernel.org service is restored in the next week, I suspect Torvalds will move back to kernel.org without hesitation. But what happens if it’s a month?
I have no doubt that the longer the kernel.org outage persists, the more likely Torvalds (or someone else) will create solutions that solve the github problems. In a system where anyone can build a tree, trust does take time.