[spyc]

Hi! Three things:

- There is no commit with a SHA1 like that in atop Git history and what you shared is too long for a SHA1, it looks more like a SHA256. Did you share the right checksum? The only other way I can read this is that it's a SHA256 checksum of one of the past atop release tarballs or artifacts. I have not yet checked those.

- I have tried finding your tool Bismuth but all I find is things KDE and crypto currencies. Please share a link to the Bismuth that you are working on.

- You technically said that you are working on Bismuth /and/ found something, not that you found the bug /through/ Bismuth. Please clarify if and how that was the case.

Thank you!

[ianbutler]

- That SHA is just a proof marker so if it turns out we are correct we can prove we had it at that time

- Bismuth did indeed find the bug, our bug scanning feature in particular. Obviously we're going to sit on our hands until the maintainer gives the all clear but we'll write something up after this is all squared away

- https://www.bismuth.sh is our tool, we're still relatively new

[throwawayben]

pretty sure it's just a hash of some text they can reveal later, to prove that they had something at this point in time. not referring to any release or commit

[ianbutler]

This is exactly correct

[spyc]

I see, thanks!

[spyc]

Update: I found https://www.bismuth.sh/ at https://news.ycombinator.com/user?id=ianbutler .