[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20110907013750.GA25150@khazad-dum.debian.net>
Date: Tue, 6 Sep 2011 22:37:50 -0300
From: Henrique de Moraes Holschuh <hmh@....eng.br>
To: Mauro Carvalho Chehab <mchehab@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
git@...r.kernel.org
Subject: Re: Linux 3.1-rc5
On Mon, 05 Sep 2011, Mauro Carvalho Chehab wrote:
> It would be great if "git remote update" could also verify the tag
> signature (if present), as most of us just do a "git remote update".
That helps, and it really should be all that matter for a power-end-user
that just wants to build his kernel from a git tree.
However, one can still try to trick someone to base the tree he's going to
use for a future pull request on a tree with a rogue commit, in order to
try to get the rogue commit into mainline through an indirect path, for
example.
Yeah, it is very obvious, and not a real major point of concern around
LKML: we all check the diff, log or shortlog between the tree we're
offering upstream to pull from) and the current upstream tree for any
stray commits after all (if only to avoid embarassing mistakes). And
upstream does his/her own checks before keeping the merged tree, and so
forth.
It's just that the security of the kernel source trees are not a simple
consequence of how git works: the workflow matters. I feel that point
deserves to be stressed every once in a while, however obvious it might
be.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists