lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20160119210547.GA2822@dcvr.yhbt.net>
Date:	Tue, 19 Jan 2016 21:05:47 +0000
From:	Eric Wong <normalperson@...t.net>
To:	Andrey Utkin <andrey.od.utkin@...il.com>
Cc:	Jeff King <peff@...f.net>, linux-kernel@...r.kernel.org,
	git@...r.kernel.org
Subject: Re: Don't use PGP/GPG signatures in mail that contains patches

Andrey Utkin <andrey.od.utkin@...il.com> wrote:
> But still, if we encourage signing maillist correspondence, we would
> avoid impersonation attacks. Imagine that somebody sends stupid
> submissions from your name, maintainers shout at you, and your
> reputataion is... changed. Of course, you will be able to sort things
> out after you read the replies and reply that it's not you. But, given
> to openness of maillists, the attacker is able to follow your replies
> and insert his ones. Or to reply to your valid submissions that they are
> not from you.

Is impersonation an actual problem on vger.kernel.org lists?
Reply-to-all conventions on these lists do a great deal to discourage them.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ