lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 11 Jan 2022 13:21:17 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Mimi Zohar <zohar@...ux.ibm.com>
Cc:     linux-integrity <linux-integrity@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] integrity subsystem updates for v5.17

On Mon, Jan 10, 2022 at 2:02 PM Mimi Zohar <zohar@...ux.ibm.com> wrote:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.17

Side note: I can't find the key you're using for the tag signing anywhere.

This isn't new, and I've seen this key before, and I suspect it's just
another new key update that the complete breakdown of all the pgp
keyservers makes hard to get out.

You used to use RSA key 8D2302082EFE723A379ECCD26B792466B03E715A,
which I have, the last few pulls you've been using EDDSA key
1D5D554518DE57A8AAF51E3ECBC19CD1B02AE7E5 that I can't actually find.

It also isn't in the kernel.org pgpkeys repo.

You could try submitting it there:

  https://korg.docs.kernel.org/pgpkeys.html#submitting-keys-to-the-keyring

Oh, how I hate pgp. I thought that having git wrap all the key
verification would make it usable (counter-example: the incredible
garbage that is pgp signed email), but then the keyservers stopped
working, and so the keys themselves end up being a problem.

              Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ