| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 02 Oct 2011 18:18:43 -0700
From: Ben Pfaff <blp@...stanford.edu>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: kernel.org status: establishing a PGP web of trust
"H. Peter Anvin" <hpa@...or.com> writes:
> 5. Get as many other kernel developers that you have physical access to
> to sign your key after verifying the fingerprint. Verifying keys
> over the phone is OK if and only if you know them *extremely* well;
> think "would I be willing to testify in court that the person I
> talked to was X"?
There is already an extensive Debian web of trust, and along with
it a keysigning coordination effort and even a long list of
Debian developers who offer to sign keys, with their physical
locations and email addresses:
http://wiki.debian.org/Keysigning/Offers
I wonder whether either effort would benefit from joining forces?
I am also sure that there is overlap between Debian developers
and kernel developers.
--
Ben Pfaff
http://benpfaff.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists