lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e645dbdcd74699ff92242c51f743cffe0ea3ae14.camel@linux.ibm.com>
Date:   Tue, 11 Jan 2022 17:54:52 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-integrity <linux-integrity@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] integrity subsystem updates for v5.17

On Tue, 2022-01-11 at 13:21 -0800, Linus Torvalds wrote:
> On Mon, Jan 10, 2022 at 2:02 PM Mimi Zohar <zohar@...ux.ibm.com> wrote:
> >
> >   git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.17
> 
> Side note: I can't find the key you're using for the tag signing anywhere.
> 
> This isn't new, and I've seen this key before, and I suspect it's just
> another new key update that the complete breakdown of all the pgp
> keyservers makes hard to get out.
> 
> You used to use RSA key 8D2302082EFE723A379ECCD26B792466B03E715A,
> which I have, the last few pulls you've been using EDDSA key
> 1D5D554518DE57A8AAF51E3ECBC19CD1B02AE7E5 that I can't actually find.

Yes, I received the Nitrokey Start and followed the maintainer-pgp-
guide (and Nitrokey) directions at the time.  It was hard finding a
working gpg server, but I finally found one, at least I thought I found
one.

> 
> It also isn't in the kernel.org pgpkeys repo.
> 
> You could try submitting it there:
> 
>   https://korg.docs.kernel.org/pgpkeys.html#submitting-keys-to-the-keyring
> 
> Oh, how I hate pgp. I thought that having git wrap all the key
> verification would make it usable (counter-example: the incredible
> garbage that is pgp signed email), but then the keyservers stopped
> working, and so the keys themselves end up being a problem.

Submitted.

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ