lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Oct 2011 09:18:29 -0700 From: Greg KH <greg@...ah.com> To: Willy Tarreau <w@....eu> Cc: linux-kernel@...r.kernel.org Subject: Re: Answers to some common kernel.org account questions On Sat, Oct 15, 2011 at 08:42:42AM +0200, Willy Tarreau wrote: > Hi Greg, > > On Fri, Oct 14, 2011 at 09:21:00AM -0600, Greg KH wrote: > > WHAT ABOUT FILE UPLOADS? > > > > The "robot signing" of uploaded files that was used in the past is no > > longer considered to be sufficiently secure, so a new policy has been > > instituted. A new tool ("kup") has been developed to help with the > > implementation of that policy; it works in a manner similar to the > > upload system used by the Debian project. > > > > The kup tool will require developers to sign files with their PGP key > > prior to uploading to kernel.org. This mechanism will keep the private > > signing keys from ever being stored on kernel.org (or any other server). > > More information will be made available once the file upload capability > > is restored. > > Please reassure me, we will only have to upload the sig, not the whole > file ? That is what we are working on doing, there are still a few things left to resolve to enable this to work properly, which is why it hasn't been implemented yet. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists