Re: kernel.org status: establishing a PGP web of trust
From: Randy Dunlap
Date: Sat Oct 01 2011 - 18:37:05 EST
On 10/01/11 15:27, H. Peter Anvin wrote:
> On 10/01/2011 02:33 PM, Rafael J. Wysocki wrote:
>> OK, how long should the new key be valid?
> That is a good question. At the very least you want it to be valid for
> long enough that you will be able to get enough signatures on a new key
> *before* your old key expires. As such I would recommend 3-5 years
> depending on how much you trust yourself to keep the key secure.
> Some people have decided to opt for an unlimited key, but that
> *requires* that you have a way to revoke the old key, which is why we
> are considering a key revocation escrow service.
Who needs these privacy keys? Is it just (git) users of kernel.org?
so people who send patches via email do not need to do this process?
or are we headed into sign-all-patches territory soonish?
*** Remember to use Documentation/SubmitChecklist when testing your code ***
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/