If you get reports on what looks like backdoor and do a gitblame, does the enail that returns get traced to other projects? Like is there a pattern detection to the authors that also allows for detection of current malicous contributors?

Not a kernel veteran, but I do send patches and reviews occasionally and as mentioned in the article, Sashiko is a big help. It can detect very obscure race conditions, stack leaks and other bugs that could cause a kernel panic. It's also really good at analyzing subsystem-specific nuances (in the IIO subsystem for example, it can get chip parameters from a datasheet and actually check whether the code reflects it correctly, e. g. with timing).

Needs a [26th March 2026] tag. That's, like, 3 months ago. Can anything in it still be relevant?