Re: Don't use PGP/GPG signatures in mail that contains patches

From: Eric Wong
Date: Tue Jan 19 2016 - 16:15:40 EST


Andrey Utkin <andrey.od.utkin@xxxxxxxxx> wrote:
> But still, if we encourage signing maillist correspondence, we would
> avoid impersonation attacks. Imagine that somebody sends stupid
> submissions from your name, maintainers shout at you, and your
> reputataion is... changed. Of course, you will be able to sort things
> out after you read the replies and reply that it's not you. But, given
> to openness of maillists, the attacker is able to follow your replies
> and insert his ones. Or to reply to your valid submissions that they are
> not from you.

Is impersonation an actual problem on vger.kernel.org lists?
Reply-to-all conventions on these lists do a great deal to discourage them.