| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Feb 2012 14:29:00 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Anton Vorontsov <cbouatmailru@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
David Woodhouse <dwmw2@...radead.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] battery-urgent.git
On Mon, Feb 13, 2012 at 12:15 PM, Anton Vorontsov
<cbouatmailru@...il.com> wrote:
>
> Let's try requesting pull via the signed tag thing...
Well, it works, but your key currently isn't signed by *anybody*, so
right now it is a bit pointless.
That said, if you get it signed by more people in the future, the
signature that stays around in the kernel will become more meaningful
than it is today.
Qnd even in the absence of that, any future pushes using the same key
will obviously show that the git tree is controlled by somebody who
has access to that same key. So a gpg signature has *some* meaning
even when there is no external sign of trust, but it really is not
nearly as meaningful as it could be.
I don't know where you are physically, but we've got a fairly
geographically wide set of keys these days, so I think it should be
possible to get that key signed by some relevant people.. Hmm?
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists