“But he also had some process and security lessons to offer developers about how to code submissions to the kernel should be made.” “I notice that you have a GitHub merge commit in there,” wrote Torvalds.
He continued: “That’s another of those things that I *really* don’t want to see — GitHub creates absolutely useless garbage merges, and you should never ever use the GitHub interfaces to merge anything…GitHub is a perfectly fine hosting site, and it does a number of other things well too, but merges are not one of those things.”
Torvalds’ chief problem with it was that merges need “proper commit messages with information about [what] is being merged and *why* you merge something.” He continued: “But it also means proper authorship and committer information etc. All of which GitHub entirely screws up.”
TechRadar supplies some more context:
One of the shortcomings Torvalds highlighted are GitHub’s concise, factually correct, but functionally useless, commit messages. For instance, GitHub’s commit message for Paragon’s merge read “Merge branch ‘torvalds:master’ into master”, which didn’t impress Torvalds one bit…
Torvalds also had some pertinent security advice, perhaps useful in light of recent software supply chain cyberattacks that the Linux Foundation wants to address by improving supply chain integrity through tools that make it easier to sign software cryptographically. As Torvalds points out, this is particularly important for new contributors to the Linux kernel. “For GitHub accounts (or really, anything but kernel.org where I can just trust the account management), I really want the pull request to be a signed tag, not just a plain branch,” Torvalds explains…
Torvalds suggests Paragon do future merges from the command-line.