lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 17 Aug 2018 15:35:15 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Dominique Martinet <asmadeus@...ewreck.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     V9FS Developers <v9fs-developer@...ts.sourceforge.net>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Network Development <netdev@...r.kernel.org>
Subject: Re: [GIT PULL] 9p updates for 4.19

On Fri, Aug 17, 2018 at 2:37 PM Dominique Martinet
<asmadeus@...ewreck.org> wrote:
>
> I thought the the same thing (that you never saw the first version) when
> I wrote the request-pull email and adjusted the text -- I wasn't aware
> the tag should have the same text as the mail but will pay attention to
> that in the future, it does make sense.

The tag doesn't have to have the same text, it's just that when you
send it to me, and I get a message saying "this is the second
version", and I haven't seen a first one, that makes me go "Hmm."

> > And it comes from a github address, with a pgp key that I've not seen
> > before, and without me having been told about said maintainership
> > updates. And while the  key has a lot of signatures, none of them are
> > any that I have recognized previously from kernel development.
>
> I agree on this point, and will have a different key with at least some
> kernel developers signatures for 4.20

I don't reall yneed to absolutely have some signature chain for the
keys - but I do want to know that it's not some maintainership fight
brewing, and I'd *really* like to see explicit acknowledgement from
people about this all.

The pgp signature is useful even without the chain of other people
signing it, since it's still going to mean (going forward) that the
same person who controls the key is sending me pull requests. So it's
worth it even without the absolute chain.

But the first time I pull is special. For me, the MAINTAINERS file
currently still says

  [torvalds@i7 linux]$ ./scripts/get_maintainer.pl fs/9p/
  Eric Van Hensbergen <ericvh@...il.com> (maintainer:9P FILE SYSTEM)
  Ron Minnich <rminnich@...dia.gov> (maintainer:9P FILE SYSTEM)
  Latchesar Ionkov <lucho@...kov.net> (maintainer:9P FILE SYSTEM)
  v9fs-developer@...ts.sourceforge.net (open list:9P FILE SYSTEM)
  linux-kernel@...r.kernel.org (open list)

and I realize that in practice it's been not very maintained and most
of the patches have just been going through Andrew (actually, _most_
patches haven't really been about 9p at all, but have been about
updating 9p for non-9p work).

So I would basically want to see Andrew and/or others be on record of
saying "yup, this looks good, go ahead and pull from Dominique".

Then, next time you send me a pull request, it will be "all systems
normal", and I won't care about who has signed your key, I'll care a
lot more about "it's the same key as the last time, or at least the
new key is signed by the old key I already recognize for 9p".

That's the main issue for me.

           Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ