You may have read the news last week. Linus Torvalds exploded on the LKML because of a series of modifications on Kees Cook’s tree that he thought of being a malicious attack against the Linux kernel code. Cook has been a kernel developer for a long time, so him being accused of malicious intent by Torvalds himself of course made the news as soon as it happened. After some back and forth, developer Konstantin Ryabitsev was able to trace the origin of the problem. Some script Cook used to rebase some of his commits had run amok and unintentionally corrupted his tree. After realizing what had happened, Cook was reinstated as part of the project. No harm was done; business went on as usual after that.

But the FOSS “press” was so quick to milk the clickbait on this one. Just on YouTube, you’ll find videos like this, later expanded with the full resolution of the story here; or this one and this other one in Spanish. On the written side of things, you may find articles like this one and probably many more. All of these, of course, resort to titles where they bait potential readers with the possibility of some malicious intent of attacking the Linux source tree, even when the video or the article itself later backs off that narrative by explaining how everything was just a misunderstanding due to a faulty script, no bad intentions whatsoever.

Phoronix, on the other hand, did the right thing in the article I cited first, by using a way more neutral title: Apparent Git Scripting Issue Raised Concerns Of Possible Malicious Linux Kernel Activity. However I have noticed that the article URL says Linux 6.16 Git Gone Wrong. I don’t know if that was an earlier title that was later edited as soon as new information came in, but in any case even that apparent first title is way more cautious than just assuming Torvalds’ instinctive (and quite understandable, though rushed) first reaction at face value.

Even Linus can get things wrong from time to time. Therefore, when reporting on something that is still a developing story that can go either way, the ethical move is to wait. We’re living in an era of fast-paced media and there are reasons for publishing an ongoing story. The problem is when people jump to conclusions that imply something really bad and big happened, without proof or an analysis yet.

This is surprising to me in a niche like FOSS, where you’d expect people to be more methodical precisely because most of us have some relation to coding, computers, etc., so we should know that many, many times things go wrong not because of bad intention, but because we’re dealing with complex systems and mistakes can easily be made. This goes for Linus himself, of course, although I can’t even start to imagine the amount of stress he carries over his shoulder as the leader of such a critical project like the Linux kernel. Stress often leads to bad emotional management (but no, I’m not justifying Linus’s first reaction accusing his colleague of bad intention,) but I’m sure the FOSS press can do better.