Reactos participation and windows source leaked
Moderator: Moderator Team
-
- Posts: 2
- Joined: Fri Jan 11, 2019 5:39 am
Reactos participation and windows source leaked
Hello,
Supposedly someone had an access and seen leaked windows source code few years ago. At the time he/she do not have any idea of the code and had forgotten since about the code, does he/she allowed to contribute to ReactOS development?
This is due to the following statement on the participation page (https://www.reactos.org/participation)
"Getting involved with ReactOS is easy and straightforward! We only ask that you have not had access to Microsoft source code for the area you want to work on. This includes either having worked at Microsoft, obtaining the source code through an academic program or from the illegal leakage of Windows source code several years ago. Having viewed the source prevents you from contributing to avoid undermining the legality of our source code"
Supposedly someone had an access and seen leaked windows source code few years ago. At the time he/she do not have any idea of the code and had forgotten since about the code, does he/she allowed to contribute to ReactOS development?
This is due to the following statement on the participation page (https://www.reactos.org/participation)
"Getting involved with ReactOS is easy and straightforward! We only ask that you have not had access to Microsoft source code for the area you want to work on. This includes either having worked at Microsoft, obtaining the source code through an academic program or from the illegal leakage of Windows source code several years ago. Having viewed the source prevents you from contributing to avoid undermining the legality of our source code"
- EmuandCo
- Developer
- Posts: 4722
- Joined: Sun Nov 28, 2004 7:52 pm
- Location: Germany, Bavaria, Steinfeld
- Contact:
Re: Reactos participation and windows source leaked
In general you always are allowed to participate, only parts where you might be tainted by leaked code are a lil problem. Unless you can verify the correctness of your code by test cases or sources where you got the information from which are not copyrighted by MS, you will have a problem there. We have to be better safe than sorry in this case. So I recommend you to join the dev ml and get in touch with our bunch of devs and tell them what you analyzed in the leaked code and where you wanna help and they will decide what to do ^^ Or maybe @ThFabba in here will see that and take over from now on ^^
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
If my post/reply offends or insults you, be sure that you know what sarcasm is...
If my post/reply offends or insults you, be sure that you know what sarcasm is...
-
- Posts: 2
- Joined: Fri Jan 11, 2019 5:39 am
Re: Reactos participation and windows source leaked
I have joined the mailing list and asked basically the same question but didn't get any proper reply yet. Thanks.
Re: Reactos participation and windows source leaked
https://github.com/reactos/reactos/blob ... #L803-L804
It is just an April fool joke or could be real?
Is 100 % of ReactOS code 100 % clean?
Where are certificates that prove it?
It is just an April fool joke or could be real?
Is 100 % of ReactOS code 100 % clean?
Where are certificates that prove it?
Re: Reactos participation and windows source leaked
Surprising; this comment seems to have been added by: https://github.com/reactos/reactos/comm ... 2d5a759b69
(Note: you can use the "Blame" button to view who committed what in this file, and in others as well.)
I'm wonder where and how this commit happened because:
- I currently cannot find this instance here: https://git.reactos.org/?p=reactos.git& ... ource&sr=1
- neither in the history of the incriminated file: https://git.reactos.org/?p=reactos.git; ... AD;hb=HEAD
I also tried to search to which branch that commit belongs (using "git branch --contains <commit_hash>"), no result is found.
So I'm really wondering where and how you did find that commit. Also note that this guy "PeyTy" never contributed to ReactOS. The only thing he did is to create this "GreenTea" OS that originally started as a ReactOS fork, and then is currently turning into a kernel written in "Hexa" programming language.
I would suggest you to ask in the ros-dev mailing list for how this could happen.
(Note: you can use the "Blame" button to view who committed what in this file, and in others as well.)
I'm wonder where and how this commit happened because:
- I currently cannot find this instance here: https://git.reactos.org/?p=reactos.git& ... ource&sr=1
- neither in the history of the incriminated file: https://git.reactos.org/?p=reactos.git; ... AD;hb=HEAD
I also tried to search to which branch that commit belongs (using "git branch --contains <commit_hash>"), no result is found.
So I'm really wondering where and how you did find that commit. Also note that this guy "PeyTy" never contributed to ReactOS. The only thing he did is to create this "GreenTea" OS that originally started as a ReactOS fork, and then is currently turning into a kernel written in "Hexa" programming language.
I would suggest you to ask in the ros-dev mailing list for how this could happen.
-
- Posts: 531
- Joined: Thu Jan 10, 2013 6:17 pm
- Contact:
Re: Reactos participation and windows source leaked
This really doesn't make sense...
- The commit has a misleading description, "Update README.md"
- The commit doesn't show up in the user's commit history for December
- The commit doesn't show up in the reactos commit history for December 29
- I just downloaded the entire ReactOS source as a ZIP from Github, and this comment isn't in that file.
And yet... It's there in the file's commit history and looks like it's part of the file here on GitHub.
- The commit has a misleading description, "Update README.md"
- The commit doesn't show up in the user's commit history for December
- The commit doesn't show up in the reactos commit history for December 29
- I just downloaded the entire ReactOS source as a ZIP from Github, and this comment isn't in that file.
And yet... It's there in the file's commit history and looks like it's part of the file here on GitHub.
- EmuandCo
- Developer
- Posts: 4722
- Joined: Sun Nov 28, 2004 7:52 pm
- Location: Germany, Bavaria, Steinfeld
- Contact:
Re: Reactos participation and windows source leaked
@Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
There is no code linkage to any of our commits, there is no commit access for that PeyTy and never will be due to the sources he uses and there is no Pull request committed by him either. Thus this whole thing smells fishy!
There is no code linkage to any of our commits, there is no commit access for that PeyTy and never will be due to the sources he uses and there is no Pull request committed by him either. Thus this whole thing smells fishy!
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
If my post/reply offends or insults you, be sure that you know what sarcasm is...
If my post/reply offends or insults you, be sure that you know what sarcasm is...
-
- Posts: 531
- Joined: Thu Jan 10, 2013 6:17 pm
- Contact:
Re: Reactos participation and windows source leaked
Scratch this. It only appears that way if you follow from the link posted by Quim above.karlexceed wrote: ↑Mon Jan 21, 2019 5:07 pm And yet... It's there in the file's commit history and looks like it's part of the file here on GitHub.
If you manually navigate to the file in question from https://github.com/reactos/reactos/ you'll see that these comments aren't present. Yet the blob's URL/file path seems to indicate that it exists somewhere in the ROS github repo, which I find concerning.
I think I smell a troll...
Re: Reactos participation and windows source leaked
Ok we know it's a dangling commit, since it is know that GitHub can keep dangling commits. The question is from where does it originate? Because if it was from guy's branch, it would not be in "reactos/reactos".
It may be possible to ask GitHub support to perform a "git gc" on the hosted repo in order to clear all that bullshit.
It may be possible to ask GitHub support to perform a "git gc" on the hosted repo in order to clear all that bullshit.
Re: Reactos participation and windows source leaked
Given that recent spat with that kerneli... troll, I suspect this is the result.
Skillset: VMS,DOS,Windows Sysadmin from 1985, fault-tolerance, VaxCluster, Alpha,Sparc. DCL,QB,VBDOS- VB6,.NET, PHP,NODE.JS, Graphic Design, Project Manager, CMS, Quad Electronics. classic cars & m'bikes. Artist in water & oils. Historian.
-
- Posts: 441
- Joined: Sat Nov 15, 2008 4:13 pm
Re: Reactos participation and windows source leaked
I don't know that this necessarily has anything to do with that, though I suppose it might. Given the manner in which that person deals with people on their forum, I wouldn't put it past them to try something like this.
Anyway, on to the technical.
As an experiment, I copied the commit id from the latest commit to ReactOS' master branch, and went to a few random forks people have made that haven't been updated in a while (therefore this commit shouldn't exist on the fork under their name), opened a link to a specific commit on their fork, and replaced the commit id in the url with the one copied from the ReactOS master branch, and each time it showed up exactly like the commit linked above did.
I suspect that someone did effectively the same thing (but in the opposite direction) to create the link shared above: Push the commit to a GitHub fork of ReactOS, copy commit id, go to ReactOS' main GitHub repository, open a link to a specific commit, replace commit id in url, post it somewhere for people to freak out about, watch and laugh.
I wouldn't bother freaking out about it, as that's exactly what that person wants, and if they can cause a panic, they're more likely to try a similar stunt in the future, whereas if we handle it gracefully and let their attempt fall flat, it won't be as fun for them to keep trying this stupid stuff.
Requesting that they run garbage collection on our repo may or may not help, depending on if there's a branch on GitHub (in one of the many forks of our repo) that includes it, but if we can open a dialogue with GitHub about this issue, perhaps they could implement a method of keeping the commits on someone's fork from being viewed as if they're part of the main repository so as to prevent this kind of abuse in the future.
Yes, @Quim, please do tell.
I reserve the right to ignore any portion of any post if I deem it not constructive or likely to cause the discussion to degenerate.
-
- Posts: 531
- Joined: Thu Jan 10, 2013 6:17 pm
- Contact:
Re: Reactos participation and windows source leaked
Confirmed. Any fork will work, just add "/blob/59b78b4756da02e275e35bd40a27962d5a759b69/ntoskrnl/ke/i386/exp.c#L803-L804" after the fork's URL and you'll see the same thing.justincase wrote: ↑Mon Jan 21, 2019 8:59 pm As an experiment, I copied the commit id from the latest commit to ReactOS' master branch, and went to a few random forks people have made that haven't been updated in a while (therefore this commit shouldn't exist on the fork under their name), opened a link to a specific commit on their fork, and replaced the commit id in the url with the one copied from the ReactOS master branch, and each time it showed up exactly like the commit linked above did.
As an example, this fork by 0xBADCA7 (picked randomly) is 3337 commits behind master: https://github.com/0xBADCA7/reactos/blo ... #L803-L804
-
- Posts: 1790
- Joined: Fri Aug 07, 2009 5:11 am
- Location: USA
Re: Reactos participation and windows source leaked
Could this be our poison pen blogger from the locked thread? Checking the dates, the last thing he posted before one of us found it was 12-30. And that puts the repository vandalism or whatever closer to then.EmuandCo wrote: ↑Mon Jan 21, 2019 5:22 pm @Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
There is no code linkage to any of our commits, there is no commit access for that PeyTy and never will be due to the sources he uses and there is no Pull request committed by him either. Thus this whole thing smells fishy!
In the first link, I couldn't access his profile, but I finally was able to, and it makes sense. This could be the same guy, but we have no way of knowing. This guy is presumably Russian and working on GreenTeaOS... maybe he didn't like us criticizing his project and how it might be tainted, and thus going after us was supposed to be a preemptive strike or something.
Last edited by PurpleGurl on Tue Jan 22, 2019 12:19 pm, edited 1 time in total.
-
- Posts: 531
- Joined: Thu Jan 10, 2013 6:17 pm
- Contact:
Re: Reactos participation and windows source leaked
The GitHub user implicated made two other commits on the same day with the same commit title, but different descriptions:
https://github.com/GreenteaOS/Greentea/ ... 632337cf15
https://github.com/GreenteaOS/Greentea/ ... 423f9c8782
But I can't find any evidence as to where the commit in question originated.
The commit is marked as 'Verified', which means it was signed, but that doesn't necessarily mean that it was the GreenTea contributor that did this. See: http://www.jayhuang.org/blog/tag/impersonating/
Literally anyone could have forked ReactOS and made this commit. Someone is definitely trying to stir things up.
https://github.com/GreenteaOS/Greentea/ ... 632337cf15
https://github.com/GreenteaOS/Greentea/ ... 423f9c8782
But I can't find any evidence as to where the commit in question originated.
The commit is marked as 'Verified', which means it was signed, but that doesn't necessarily mean that it was the GreenTea contributor that did this. See: http://www.jayhuang.org/blog/tag/impersonating/
Literally anyone could have forked ReactOS and made this commit. Someone is definitely trying to stir things up.
- EmuandCo
- Developer
- Posts: 4722
- Joined: Sun Nov 28, 2004 7:52 pm
- Location: Germany, Bavaria, Steinfeld
- Contact:
Re: Reactos participation and windows source leaked
Not the time to flame at PeyTy. As long as noone explains us how that could happen at all, I don't recommend to accuse anyone of anything!
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
If my post/reply offends or insults you, be sure that you know what sarcasm is...
If my post/reply offends or insults you, be sure that you know what sarcasm is...
Who is online
Users browsing this forum: No registered users and 25 guests