lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 07 May 2019 19:09:48 +0000
From:   Kirill Smelkov <kirr@...edi.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Al Viro <viro@...iv.linux.org.uk>, Arnd Bergmann <arnd@...db.de>,
        Christoph Hellwig <hch@....de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Pavel Machek <pavel@...x.de>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Miklos Szeredi <miklos@...redi.hu>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Linux List Kernel Mailing <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 0/3] stream_open bits for Linux 5.2

On Tue, May 07, 2019 at 11:54:21AM -0700, Linus Torvalds wrote:
> On Mon, May 6, 2019 at 10:20 AM Kirill Smelkov <kirr@...edi.com> wrote:
> >
> > Maybe it will help: the patches can be also pulled from here:
> >
> >         git pull https://lab.nexedi.com/kirr/linux.git y/stream_open-5.2
> 
> I'll take this, but I generally *really* want a signed tag for
> non-kernel.org git tree sources. The gpg key used for signing doesn't
> necessarily even have to be signed by others yet, but just the fact
> that there's a pgp key means that then future pulls at least verify
> that it's the sam,e controlling entity, and we can get the signatures
> later.
>
> For something one-time where I will then look through the details of
> each commit it's not like I absolutely require it, which is why I'm
> pulling it, but just in general I wanted to point this out.
> 
>                         Linus

Thanks a lot.

I've pushed corresponding gpg-signed tag (stream_open-5.2) to my tree. I
did not go the gpg way initially because we do not have a gpg-trust
relation established and so I thought that signing was useless.

Just for the record, here is the key that was used to make the
signature: https://pgp.key-server.io/search/kirr@nexedi.com
(fingerprint: 0955B024250EEFFCFE42365B66CA788413F67549)

Kirill

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ