lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wi8-9BCn+KxwtwrZ0g=Xpjin_D3p8ZYoT+4n2hvNeCh+w@mail.gmail.com>
Date: Sat, 20 Jan 2024 09:52:27 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: James Bottomley <James.Bottomley@...senpartnership.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-scsi <linux-scsi@...r.kernel.org>, 
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] final round of SCSI updates for the 6.7+ merge window

On Sat, 20 Jan 2024 at 07:26, James Bottomley
<James.Bottomley@...senpartnership.com> wrote:
>
> As requested, I did a longer extension of my gpg keys, so my key needs
> refreshing, before you pull, to fix the expiry date.  You can get my
> updates via DANE using:
>
> gpg --auto-key-locate dane --recv D5606E73C8B46271BEAD9ADF814AE47C214854D6

No I can't.

I get

  $ gpg --auto-key-locate dane --recv D5606E73C8B46271BEAD9ADF814AE47C214854D6
  gpg: key 814AE47C214854D6: "James Bottomley
<James.Bottomley@...senPartnership.com>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

Fine - maybe I already had the update from the last time...

But no:

  git log --show-signature

says

  commit c25b24fa72c734f8cd6c31a13548013263b26286 (HEAD -> master)
  merged tag 'scsi-misc'
  gpg: Signature made Sat 20 Jan 2024 07:22:08 PST
  gpg:                using ECDSA key E76040DB76CA3D176708F9AAE742C94CEE98AC85
  gpg:                issuer "james.bottomley@...senpartnership.com"
  gpg: Good signature from "James Bottomley
<James.Bottomley@...senPartnership.com>" [full]
  gpg:                 aka "James Bottomley <jejb@...nel.org>" [full]
  gpg:                 aka "[jpeg image of size 5254]" [full]
  gpg:                 aka "James Bottomley <jejb@...ux.vnet.ibm.com>" [unknown]
  gpg:                 aka "James Bottomley <jejb@...ux.ibm.com>" [unknown]
  gpg: Note: This key has expired!
  Primary key fingerprint: D560 6E73 C8B4 6271 BEAD  9ADF 814A E47C 2148 54D6
       Subkey fingerprint: E760 40DB 76CA 3D17 6708  F9AA E742 C94C EE98 AC85

and fighting that ^&%%$^ gpg command to try to figure out why, I still see

  gpg: Note: signature key E742C94CEE98AC85 expired 2024-01-16 11:39:15
  sub   nistp256 2018-01-23 [S] [expired: 2024-01-16]
        E760 40DB 76CA 3D17 6708  F9AA E742 C94C EE98 AC85

and that's the one you signed with.

This mess continues to happen only with your crazy setup.

                        Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ