| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111215190846.GA2709@thunk.org>
Date: Thu, 15 Dec 2011 14:08:46 -0500
From: Ted Ts'o <tytso@....edu>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] ext4 bugfixes for 3.2-rc5
On Wed, Dec 14, 2011 at 06:50:07PM -0800, Linus Torvalds wrote:
> On Wed, Dec 14, 2011 at 11:20 AM, Theodore Ts'o <tytso@....edu> wrote:
> >
> > There is a signed tag tytso-for-linus-20111214 covering these patches,
> > which fix a potential hang, crash (on big endian), and data corruption
> > bugs which show up when using fsx and/or Hugh's kernel compile/mm
> > torture test.
>
> Ok, since I build my own git versions, I have one that can pull signed
> tags and automatically verifies them and saves the signed tag
> information as part of the commit object.
Cool! Does it save enough that GPG signature information can be
verified later? I'm a little fuzzy on what is covered by the
signature which gets verified when you run the command "git verify-tag
tytso-for-linus-20111214". Better yet, does the new version of git
have a command that will automatically verify the digital signature
found in a merge commit?
And this isn't in 1.7.8 yet, right? I'd have to build version of git
based on the next branch to play with this new signatury goodness?
- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists