Page 1 of 3
Reactos participation and windows source leaked
Posted: Fri Jan 11, 2019 5:57 am
by paulphoenix
Hello,
Supposedly someone had an access and seen leaked windows source code few years ago. At the time he/she do not have any idea of the code and had forgotten since about the code, does he/she allowed to contribute to ReactOS development?
This is due to the following statement on the participation page (
https://www.reactos.org/participation)
"Getting involved with ReactOS is easy and straightforward! We only ask that you have not had access to Microsoft source code for the area you want to work on. This includes either having worked at Microsoft, obtaining the source code through an academic program or from the illegal leakage of Windows source code several years ago. Having viewed the source prevents you from contributing to avoid undermining the legality of our source code"
Re: Reactos participation and windows source leaked
Posted: Fri Jan 11, 2019 11:22 am
by EmuandCo
In general you always are allowed to participate, only parts where you might be tainted by leaked code are a lil problem. Unless you can verify the correctness of your code by test cases or sources where you got the information from which are not copyrighted by MS, you will have a problem there. We have to be better safe than sorry in this case. So I recommend you to join the dev ml and get in touch with our bunch of devs and tell them what you analyzed in the leaked code and where you wanna help and they will decide what to do ^^ Or maybe @ThFabba in here will see that and take over from now on ^^
Re: Reactos participation and windows source leaked
Posted: Fri Jan 18, 2019 7:19 pm
by paulphoenix
I have joined the mailing list and asked basically the same question but didn't get any proper reply yet. Thanks.
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 7:23 am
by Quim
https://github.com/reactos/reactos/blob ... #L803-L804
It is just an April fool joke or could be real?
Is 100 % of ReactOS code 100 % clean?
Where are certificates that prove it?
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 3:22 pm
by hbelusca
Surprising; this comment seems to have been added by:
https://github.com/reactos/reactos/comm ... 2d5a759b69
(Note: you can use the "Blame" button to view who committed what in this file, and in others as well.)
I'm wonder where and how this commit happened because:
- I currently cannot find this instance here:
https://git.reactos.org/?p=reactos.git& ... ource&sr=1
- neither in the history of the incriminated file:
https://git.reactos.org/?p=reactos.git; ... AD;hb=HEAD
I also tried to search to which branch that commit belongs (using "git branch --contains <commit_hash>"), no result is found.
So I'm really wondering where and how you did find that commit. Also note that this guy "PeyTy" never contributed to ReactOS. The only thing he did is to create this "GreenTea" OS that originally started as a ReactOS fork, and then is currently turning into a kernel written in "Hexa" programming language.
I would suggest you to ask in the ros-dev mailing list for how this could happen.
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 5:07 pm
by karlexceed
This really doesn't make sense...
- The commit has a misleading description, "Update README.md"
- The commit doesn't show up in the user's commit history for December
- The commit doesn't show up in the reactos commit history for December 29
- I just downloaded the entire ReactOS source as a ZIP from Github, and this comment isn't in that file.
And yet... It's there in the file's commit history and looks like it's part of the file here on GitHub.
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 5:22 pm
by EmuandCo
@Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
There is no code linkage to any of our commits, there is no commit access for that PeyTy and never will be due to the sources he uses and there is no Pull request committed by him either. Thus this whole thing smells fishy!
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 5:46 pm
by karlexceed
karlexceed wrote: ↑Mon Jan 21, 2019 5:07 pm
And yet... It's there in the file's commit history and looks like it's part of the file here on GitHub.
Scratch this. It only appears that way if you follow from the link posted by Quim above.
If you manually navigate to the file in question from
https://github.com/reactos/reactos/ you'll see that these comments aren't present. Yet the blob's URL/file path seems to indicate that it exists somewhere in the ROS github repo, which I find concerning.
I think I smell a troll...
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 6:26 pm
by hbelusca
Ok we know it's a dangling commit, since it is know that
GitHub can keep dangling commits. The question is from where does it originate? Because if it was from guy's branch, it would not be in "reactos/reactos".
It may be possible to ask GitHub support to perform a "git gc" on the hosted repo in order to clear all that bullshit.
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 8:08 pm
by dizt3mp3r
karlexceed wrote: ↑Mon Jan 21, 2019 5:46 pm
I think I smell a troll...
Given that recent spat with that kerneli... troll, I suspect this is the result.
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 8:59 pm
by justincase
dizt3mp3r wrote: ↑Mon Jan 21, 2019 8:08 pmGiven that recent spat with that kerneli... troll, I suspect this is the result.
I don't know that this necessarily has anything to do with that, though I suppose it might. Given the manner in which that person deals with people on their forum, I wouldn't put it past them to try something like this.
Anyway, on to the technical.
As an experiment, I copied the commit id from the latest commit to ReactOS' master branch, and went to a few random forks people have made that haven't been updated in a while (therefore this commit shouldn't exist on the fork under their name), opened a link to a specific commit on their fork, and replaced the commit id in the url with the one copied from the ReactOS master branch, and each time it showed up exactly like the commit linked above did.
I suspect that someone did effectively the same thing (but in the opposite direction) to create the link shared above: Push the commit to a GitHub fork of ReactOS, copy commit id, go to ReactOS' main GitHub repository, open a link to a specific commit, replace commit id in url, post it somewhere for people to freak out about, watch and laugh.
I wouldn't bother freaking out about it, as that's exactly what that person wants, and if they can cause a panic, they're more likely to try a similar stunt in the future, whereas if we handle it gracefully and let their attempt fall flat, it won't be as fun for them to keep trying this stupid stuff.
hbelusca wrote: ↑Mon Jan 21, 2019 6:26 pmIt may be possible to ask GitHub support to perform a "git gc" on the hosted repo in order to clear all that bullshit.
Requesting that they run garbage collection on our repo may or may not help, depending on if there's a branch on GitHub (in one of the many forks of our repo) that includes it, but if we can open a dialogue with GitHub about this issue, perhaps they could implement a method of keeping the commits on someone's fork from being viewed as if they're part of the main repository so as to prevent this kind of abuse in the future.
EmuandCo wrote: ↑Mon Jan 21, 2019 5:22 pm@Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
Yes, @Quim, please do tell.
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 9:17 pm
by karlexceed
justincase wrote: ↑Mon Jan 21, 2019 8:59 pm
As an experiment, I copied the commit id from the latest commit to ReactOS' master branch, and went to a few random forks people have made that haven't been updated in a while (therefore this commit shouldn't exist on the fork under their name), opened a link to a specific commit on their fork, and replaced the commit id in the url with the one copied from the ReactOS master branch, and each time it showed up exactly like the commit linked above did.
Confirmed. Any fork will work, just add "/blob/59b78b4756da02e275e35bd40a27962d5a759b69/ntoskrnl/ke/i386/exp.c#L803-L804" after the fork's URL and you'll see the same thing.
As an example, this fork by 0xBADCA7 (picked randomly) is 3337 commits behind master:
https://github.com/0xBADCA7/reactos/blo ... #L803-L804
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 9:40 pm
by PurpleGurl
EmuandCo wrote: ↑Mon Jan 21, 2019 5:22 pm
@Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
There is no code linkage to any of our commits, there is no commit access for that PeyTy and never will be due to the sources he uses and there is no Pull request committed by him either. Thus this whole thing smells fishy!
Could this be our poison pen blogger from the locked thread? Checking the dates, the last thing he posted before one of us found it was 12-30. And that puts the repository vandalism or whatever closer to then.
In the first link, I couldn't access his profile, but I finally was able to, and it makes sense. This could be the same guy, but we have no way of knowing. This guy is presumably Russian and working on GreenTeaOS... maybe he didn't like us criticizing his project and how it might be tainted, and thus going after us was supposed to be a preemptive strike or something.
Re: Reactos participation and windows source leaked
Posted: Mon Jan 21, 2019 10:22 pm
by karlexceed
The GitHub user implicated made two other commits on the same day with the same commit title, but different descriptions:
https://github.com/GreenteaOS/Greentea/ ... 632337cf15
https://github.com/GreenteaOS/Greentea/ ... 423f9c8782
But I can't find any evidence as to where the commit in question originated.
The commit is marked as 'Verified', which means it was signed, but that doesn't necessarily mean that it was the GreenTea contributor that did this. See:
http://www.jayhuang.org/blog/tag/impersonating/
Literally anyone could have forked ReactOS and made this commit. Someone is definitely trying to stir things up.
Re: Reactos participation and windows source leaked
Posted: Tue Jan 22, 2019 9:45 am
by EmuandCo
Not the time to flame at PeyTy. As long as noone explains us how that could happen at all, I don't recommend to accuse anyone of anything!