Re: kernel.org frontpage

From: Valdis.Kletnieks@vt.edu
Date: Wed Jan 29 2003 - 13:55:22 EST


On Wed, 29 Jan 2003 13:36:55 EST, Chris Friesen said:

> Perhaps for the truly paranoid the signatures should be posted to this
> newsgroup and digitally signed by someone trusted.

It's called the PGP web of trust. There's already some 107 signatures on
the PGP key - who else would you want signing it? The point is that we've
already (presumably) proved via the web-of-trust that PGP key 517d0f0e is
in fact the proper key, and that for an intruder to post a valid signature
of a trojaned .tar.gz would require them to *ALSO* compromise the machine
that the signing is done on (hopefully a different machine than ftp.kernel.org).

Yes, an intruder could leave a forged signature with a random key easily. But
to leave a forged signature with the key that's already on my keyring is a
lot harder...

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
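The distinction the message draws (any key can produce a "good" signature, only the pinned, web-of-trust-validated key counts) can be turned into a mechanical check. Added example, not code from the thread or from kernel.org: it parses GnuPG's `--status-fd` lines, the trusted fingerprint is a constructed placeholder, and the sample status lines are constructed.

```python
import subprocess

# Added example (not code from the thread or kernel.org): accept a detached PGP
# signature over a tarball only if gpg's status output shows it was made by the
# key already pinned on the verifier's keyring and valid via the web of trust.
# A "good signature" by itself is meaningless, since anyone can sign with a key.

# Constructed placeholder: put the full 40-hex-digit fingerprint of your verified
# key here (the thread's 8-digit key id 517d0f0e is too short to pin on).
TRUSTED_FINGERPRINTS = {"0000000000000000000000000000000000000000"}

def verify_status(status_lines, trusted=TRUSTED_FINGERPRINTS):
    """Return (accepted, reason) from gpg '[GNUPG:] ...' status-fd lines."""
    valid_fprs, trusted_ok = set(), False
    for line in status_lines:
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        tag, args = fields[1], fields[2:]
        if tag in ("BADSIG", "ERRSIG", "NO_PUBKEY", "EXPKEYSIG", "REVKEYSIG"):
            return False, tag                      # reject on any failure
        if tag == "VALIDSIG" and args:
            valid_fprs.add(args[0].upper())        # signing (sub)key fingerprint
            if len(args) >= 10:
                valid_fprs.add(args[9].upper())    # primary key fingerprint
        if tag in ("TRUST_FULLY", "TRUST_ULTIMATE"):
            trusted_ok = True                      # web-of-trust validity
    if not valid_fprs:
        return False, "no VALIDSIG"
    if not valid_fprs & {f.upper() for f in trusted}:
        return False, "signed by an unpinned key"
    if not trusted_ok:
        return False, "key lacks web-of-trust validity"
    return True, "ok"

def verify_tarball(tarball, sigfile, trusted=TRUSTED_FINGERPRINTS):
    """Run gpg on a real detached signature and apply the same policy."""
    cmd = ["gpg", "--batch", "--status-fd", "1", "--verify", sigfile, tarball]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return verify_status(proc.stdout.splitlines(), trusted)

# Constructed status lines for the forged-signature case from the thread: a
# valid signature, but by a random key with no trust path. Must be rejected.
UNPINNED_KEY_STATUS = [
    "[GNUPG:] GOODSIG 1111111111111111 Random Signer <nobody@example.invalid>",
    "[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2003-01-29 "
    "1043866555 0 4 0 17 2 00 1111111111111111111111111111111111111111",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
]
```

`verify_status(UNPINNED_KEY_STATUS)` rejects the random-key signature even though gpg reports it as GOODSIG; only a VALIDSIG from the pinned fingerprint with full or ultimate trust passes.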





This archive was generated by hypermail 2b29 : Fri Jan 31 2003 - 22:00:22 EST