Compared to what a fully malicious group could have done, this is quite benign. They published the list of email addresses that they used to make the commits and announced what they’d done. They also weren’t trying to introduce any actual vulnerabilities. Even though I don’t agree with the way they did it (especially not telling anyone first), hopefully the fact that they managed to do this will act as a wake up call for the Linux kernel (and other open source projects).
Compared to what a fully malicious group could have done, this is quite benign. They published the list of email addresses that they used to make the commits and announced what they’d done. They also weren’t trying to introduce any actual vulnerabilities. Even though I don’t agree with the way they did it (especially not telling anyone first), hopefully the fact that they managed to do this will act as a wake up call for the Linux kernel (and other open source projects).
Based on what I read, they tries to introduce vulnerabilities, but the code was accidentally correct. Which is quite funny.