lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 6 Aug 2006 20:56:53 -0400
From:	Shawn Starr <shawn.starr@...ers.com>
To:	hdaps-devel@...ts.sourceforge.net
Cc:	linux-kernel@...r.kernel.org,
	"Shem Multinymous" <multinymous@...il.com>
Subject: Re: [Hdaps-devel] [PATCH 01/12] thinkpad_ec: New driver for ThinkPad embedded controller access

On Sunday 06 August 2006 6:08 pm, Shem Multinymous wrote:
> Hi Ted,
>
> Thanks for the explanation. Point taken, though I can't help parsing it as:
>
> On 8/6/06, Theodore Tso <tytso@....edu> wrote:
> > For legal reasons, we need a way to to contact and identify the author
> > in the real world, not just in cyberspace, and a pseudonym doesn't
> > meet that requirement.
>
> "We want to be able to sue you if they sue us."
>
> Which is actually not a problem for me (i.e., I don't believe I have
> nothing to worry about legally); but I do have other, non-legal
> considerations.
>
> > just as the fact that we aren't requiring ink signatures and public
> > notary checks doesn't mean we shouldn't stop doing what we are doing.
>
> Understood, but still a bit silly. You have no idea how many of the
> 2252 people in `git-whatchanged | grep Signed-off-by: | sort | uniq`
> gave their legal name, and I doubt you could contact most of them in
> the real world without their cooperation (and with my cooperation, you
> could contact me too). Heck, some of those email domains don't even
> resolve. So this "chain of responsibiliy" is pretty worthless if
> someone really tries to inject legally malicious code into mainline,
> i.e., you end up blindly trusting people anyway.
>
> BTW, Ted, we actually have met in person. :-)
>
>   Shem

This is where GNU PGP keys can help. If more people used them, as a trust 
mechanism it would help people trust people more. Otherwise, what's the point 
of these keysignings? :-)

I don't mind providing my PGP key if it helps people recognize I am who I am 
via email and signed patches.

Shawn.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists