From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935362Ab1JFIEd (ORCPT ); Thu, 6 Oct 2011 04:04:33 -0400 Received: from filtteri6.pp.htv.fi ([213.243.153.189]:47510 "EHLO filtteri6.pp.htv.fi" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932374Ab1JFIEb (ORCPT ); Thu, 6 Oct 2011 04:04:31 -0400 Date: Thu, 6 Oct 2011 11:04:26 +0300 From: Adrian Bunk To: Thomas Gleixner Cc: "Ted Ts'o" , "Frank Ch. Eigler" , Valdis.Kletnieks@vt.edu, "H. Peter Anvin" , "Rafael J. Wysocki" , Linux Kernel Mailing List , Greg KH Subject: Re: kernel.org status: establishing a PGP web of trust Message-ID: <20111006080425.GB25753@localhost.pp.htv.fi> References: <20111003093239.GB25136@localhost.pp.htv.fi> <20111003180441.GD3072@localhost.pp.htv.fi> <34045.1317760188@turing-police.cc.vt.edu> <20111004223932.GA3460@localhost.pp.htv.fi> <20111004231730.GB17089@redhat.com> <20111005075438.GA29441@localhost.pp.htv.fi> <20111005170616.GD4297@thunk.org> <20111005192349.GA14406@localhost.pp.htv.fi> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 06, 2011 at 01:57:24AM +0200, Thomas Gleixner wrote: > On Wed, 5 Oct 2011, Adrian Bunk wrote: >... > > Let me paraphrase my question: > > "Whose signatures do I need on my key so that it will be accepted > > at kernel.org?" > > Your understanding of key signing seems to be that some technical > measure which makes the key valid is enough to enter a web of trust. > > Webs of trust cannot be built nor entered by any technical means. > > A web of trust is built by personal relationships and the key signing > is just a technical measure to express that. > > I really do not care about your ID card, because it's a fact that > people got keys signed by showing fake IDs. > > > With that information I can check if one email to a few local people to > > have a local keysigning is enough. > > Whatfor? To regain your k.org account? Can you provide a single > reason why that should happen? > > I can't think of one. You vanished away with a big bang and now you > come back out of the blue and assume that you're a trusted person just > by slapping a few signs on your key? I would say I vanished silently after several big bangs with you and other people and some other incidents, but that's not really relevant. My main reason for regaining my kernel.org account is that I heavily used my bunk@kernel.org address for kernel development (just check the kernel history), and I was still getting emails to that. Assuming the @kernel.org addresses will not vanish, I need accepted credential for accessing that address. > > Or if I have to bother Linus to meet me and sign my key the next > > time he is here in Helsinki. > > And how would that change the fact that your personal trust value in > this community is exactly ZERO? Your trust in me is exactly zero, and that wouldn't change if you'd sign my key. And for some other people in this community the same is surely also true. Now I can laugh about the incident when a member of the program commitee (sic) of a kernel summit sent me an angry "Why didn't you take your seat?" email - it turned out I was not invited. I don't know anything about the behind-the-scenes politics of kernel development, but I got the message that some people want to avoid my physical presence, and will not impose that on anyone who does not want to meet me. [1] > As your idea of trust seems to be based on an ID card you better find > some other place with people who are stupid enough to believe that > technical measures can replace deep personal trust. We are talking about the technical requirements for regaining an account I was trusted to have before. If anyone accepts patches from me, or if Linus will ever again pull git trees from me, are questions completely unrelated to whether you or he or anyone else signs my key. > Thanks, > > tglx cu Adrian [1] And my "have to bother Linus to meet me" was intended as asking him if it would be possible, I wouldn't do stalking if he'd refuse. -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed