| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wi6O9cpRxWEnYMXjeMis47456UrVCksV6K_WCgjUmYEXQ@mail.gmail.com>
Date: Tue, 11 Jan 2022 13:21:17 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Mimi Zohar <zohar@...ux.ibm.com>
Cc: linux-integrity <linux-integrity@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] integrity subsystem updates for v5.17
On Mon, Jan 10, 2022 at 2:02 PM Mimi Zohar <zohar@...ux.ibm.com> wrote:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.17
Side note: I can't find the key you're using for the tag signing anywhere.
This isn't new, and I've seen this key before, and I suspect it's just
another new key update that the complete breakdown of all the pgp
keyservers makes hard to get out.
You used to use RSA key 8D2302082EFE723A379ECCD26B792466B03E715A,
which I have, the last few pulls you've been using EDDSA key
1D5D554518DE57A8AAF51E3ECBC19CD1B02AE7E5 that I can't actually find.
It also isn't in the kernel.org pgpkeys repo.
You could try submitting it there:
https://korg.docs.kernel.org/pgpkeys.html#submitting-keys-to-the-keyring
Oh, how I hate pgp. I thought that having git wrap all the key
verification would make it usable (counter-example: the incredible
garbage that is pgp signed email), but then the keyservers stopped
working, and so the keys themselves end up being a problem.
Linus
Powered by blists - more mailing lists