| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Oct 2011 11:04:26 +0300
From: Adrian Bunk <bunk@...sta.de>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Ted Ts'o <tytso@....edu>, "Frank Ch. Eigler" <fche@...hat.com>,
Valdis.Kletnieks@...edu, "H. Peter Anvin" <hpa@...or.com>,
"Rafael J. Wysocki" <rjw@...k.pl>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Greg KH <gregkh@...e.de>
Subject: Re: kernel.org status: establishing a PGP web of trust
On Thu, Oct 06, 2011 at 01:57:24AM +0200, Thomas Gleixner wrote:
> On Wed, 5 Oct 2011, Adrian Bunk wrote:
>...
> > Let me paraphrase my question:
> > "Whose signatures do I need on my key so that it will be accepted
> > at kernel.org?"
>
> Your understanding of key signing seems to be that some technical
> measure which makes the key valid is enough to enter a web of trust.
>
> Webs of trust cannot be built nor entered by any technical means.
>
> A web of trust is built by personal relationships and the key signing
> is just a technical measure to express that.
>
> I really do not care about your ID card, because it's a fact that
> people got keys signed by showing fake IDs.
>
> > With that information I can check if one email to a few local people to
> > have a local keysigning is enough.
>
> Whatfor? To regain your k.org account? Can you provide a single
> reason why that should happen?
>
> I can't think of one. You vanished away with a big bang and now you
> come back out of the blue and assume that you're a trusted person just
> by slapping a few signs on your key?
I would say I vanished silently after several big bangs with you and
other people and some other incidents, but that's not really relevant.
My main reason for regaining my kernel.org account is that I heavily
used my bunk@...nel.org address for kernel development (just check the
kernel history), and I was still getting emails to that.
Assuming the @kernel.org addresses will not vanish, I need accepted
credential for accessing that address.
> > Or if I have to bother Linus to meet me and sign my key the next
> > time he is here in Helsinki.
>
> And how would that change the fact that your personal trust value in
> this community is exactly ZERO?
Your trust in me is exactly zero, and that wouldn't change if you'd sign
my key.
And for some other people in this community the same is surely also true.
Now I can laugh about the incident when a member of the program commitee
(sic) of a kernel summit sent me an angry "Why didn't you take your seat?"
email - it turned out I was not invited.
I don't know anything about the behind-the-scenes politics of kernel
development, but I got the message that some people want to avoid my
physical presence, and will not impose that on anyone who does not
want to meet me. [1]
> As your idea of trust seems to be based on an ID card you better find
> some other place with people who are stupid enough to believe that
> technical measures can replace deep personal trust.
We are talking about the technical requirements for regaining an
account I was trusted to have before.
If anyone accepts patches from me, or if Linus will ever again pull git
trees from me, are questions completely unrelated to whether you or he
or anyone else signs my key.
> Thanks,
>
> tglx
cu
Adrian
[1] And my "have to bother Linus to meet me" was intended as asking him
if it would be possible, I wouldn't do stalking if he'd refuse.
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists