Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15

From: Tobin C. Harding
Date: Wed Nov 15 2017 - 16:21:27 EST


Clearly I am unable to use email.

Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking
addresses stuff that may know my face.

Adding to CC: Michael - closest kernel developer by proximity that I
have had direct correspondence with.

Adding to CC: Konstantin - previous correspondence re kernel.org tree hosting.

On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@xxxxxxxx> wrote:
> >
> > I did not sign the tag, it looks like you have not processed this yet.
> > Do you want me to re-do the pull request on a signed tag?
>
> When pulling from github? Absolutely.

Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
key is not secure is it? Would it not be better to get into the web of
trust first before requesting you pull any code from me.

Web of trust presents a social problem that I am not versed in. With my
limited knowledge I can present the following solutions.

1. Get my key signed at linux.conf.au in January in Sydney.
2. Request a video call with _some_ number of kernel developers to sign
key (suggested by Konstantin).
3. Drive to Canberra and meet face to face with Michael to sign key
(if he would agree to that).

I'm guessing I've missed the boat for this merge window so the option
that imposes the least on other developers time is option 1, get my key
signed by a bunch of kernel developers at LCA.

Also, once I get in the web of trust I can apply to get my tree hosted
on git.kernel.org so you don't have to pull from GitHub.

Please advise when, and if, you have time.

thanks,
Tobin.