| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E87960A.9090104@xenotime.net> Date: Sat, 01 Oct 2011 15:36:58 -0700 From: Randy Dunlap <rdunlap@...otime.net> To: "H. Peter Anvin" <hpa@...or.com> CC: "Rafael J. Wysocki" <rjw@...k.pl>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Greg KH <gregkh@...e.de>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: kernel.org status: establishing a PGP web of trust On 10/01/11 15:27, H. Peter Anvin wrote: > On 10/01/2011 02:33 PM, Rafael J. Wysocki wrote: >> >> OK, how long should the new key be valid? >> > > That is a good question. At the very least you want it to be valid for > long enough that you will be able to get enough signatures on a new key > *before* your old key expires. As such I would recommend 3-5 years > depending on how much you trust yourself to keep the key secure. > > Some people have decided to opt for an unlimited key, but that > *requires* that you have a way to revoke the old key, which is why we > are considering a key revocation escrow service. Who needs these privacy keys? Is it just (git) users of kernel.org? so people who send patches via email do not need to do this process? or are we headed into sign-all-patches territory soonish? -- ~Randy *** Remember to use Documentation/SubmitChecklist when testing your code *** -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists