[microtonal]

If you are going to try to insert backdoors, you will come up with a way to of doing it with plausible deniability. Letting an employee post the patch own their own credentials is one way way of setting up plausible deniability.

[fulafel]

Yes, of course. But the flip side is that any given bug is unlikely to be a covert backdoor.

Considering the scrutiny Huwaei is under, and how this patch was not proposed or destined to any existing used Linux component, this would be an odd risk-reward equation.

I fear this will be a nail in the coffin for any freedoms Huawei employees had to participate in open source infosec dev community on their own volition. We should be encouraging this kind of participation, not publically crucifying beginning participants and their employers for mistakes.