[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87k1yrufwj.fsf@concordia.ellerman.id.au>
Date: Thu, 16 Nov 2017 13:16:28 +1100
From: Michael Ellerman <mpe@...erman.id.au>
To: "Tobin C. Harding" <me@...in.cc>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15
"Tobin C. Harding" <me@...in.cc> writes:
> Clearly I am unable to use email.
>
> Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking
> addresses stuff that may know my face.
>
> Adding to CC: Michael - closest kernel developer by proximity that I
> have had direct correspondence with.
>
> Adding to CC: Konstantin - previous correspondence re kernel.org tree hosting.
>
> On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
>> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@...in.cc> wrote:
>> >
>> > I did not sign the tag, it looks like you have not processed this yet.
>> > Do you want me to re-do the pull request on a signed tag?
>>
>> When pulling from github? Absolutely.
>
> Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
> key is not secure is it? Would it not be better to get into the web of
> trust first before requesting you pull any code from me.
Linus will probably respond, but in short it's good to be in the web of
trust, but until you are it's still worth signing your tags.
When you do get some signatures on your key, then we'll be able to see
that all your existing pull requests were really from you.
At the end of the day what matters is that you send good code over a
period of time - and whether the Australian Government agrees that your
name is "Tobin Harding" is somewhat orthogonal to that.
> Web of trust presents a social problem that I am not versed in. With my
> limited knowledge I can present the following solutions.
>
> 1. Get my key signed at linux.conf.au in January in Sydney.
Sounds good, maybe we should have a 15 minute key signing slot at the
kernel miniconf.
> 2. Request a video call with _some_ number of kernel developers to sign
> key (suggested by Konstantin).
> 3. Drive to Canberra and meet face to face with Michael to sign key
> (if he would agree to that).
Yeah if you want to that's no problem, just give me some notice :)
cheers
Powered by blists - more mailing lists