| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Sep 2021 10:34:14 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
Cc: ntfs3@...ts.linux.dev,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] ntfs3: new NTFS driver for 5.15
On Fri, Sep 3, 2021 at 8:19 AM Konstantin Komarov
<almaz.alexandrovich@...agon-software.com> wrote:
>
> https://github.com/Paragon-Software-Group/linux-ntfs3.git master
Oh, I didn't notice this until now, as I was lining up to actually pull this.
I probably forgot to say this originally:
For github accounts (or really, anything but kernel.org where I can
just trust the account management), I really want the pull request to
be a signed tag, not just a plain branch.
In a perfect world, it would be a PGP signature that I can trace
directly to you through the chain of trust, but I've never actually
required that.
So while I prefer to see a full chain of trust, I realize that isn't
always easy to set up, and so at least I want to see an "identity"
that stays constant so that I can see that pulls come from the same
consistent source that controls that key.
(We've also had situations where the chain of trust just didn't exist
_yet_, but then later on it can be established as a developer ends up
becoming more integral in the community)
Signed tags are easy to use - the hardest part is having any pgp key
setup at all, then git makes using the keys trivial with "git tag -s
.."
Linus
Powered by blists - more mailing lists