From: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
To: "Uwe Kleine-König" <ukleinek@kernel.org>
Cc: Konstantin Ryabitsev <mricon@kernel.org>,
Greg KH <gregkh@linuxfoundation.org>,
users@kernel.org, ksummit@lists.linux.dev
Subject: Re: Web of Trust work [Was: kernel.org tooling update]
Date: Tue, 27 Jan 2026 00:33:26 +0100
Message-ID: <20260127003326.1862e801@foz.lan>
In-Reply-To: <x5nnix4t2w74flef4xnivzw43gx7wdk7v3cirawq52qfd6qdty@he74b5uk26zc>
On Mon, 26 Jan 2026 18:32:22 +0100
Uwe Kleine-König <ukleinek@kernel.org> wrote:
> > > Just to ensure we're talking about the same thing: This is about calling
> > > a script once a week or so, check the resulting diff, commit and push,
> > > right?
> >
> > This is for updates, yes, and this is mostly hands-off except final review.
> > Adding new keys is usually a lot more involved, because there's frequently a
> > back-and-forth required (they sent a key without any signatures, there are not
> > enough signatures, the signatures are too far removed from Linus, etc). We
> > currently have about 600 keys in the keyring we maintain, and we clearly can
> > do a much better job like being more proactive when someone's expiry date is
> > approaching. I'm worried that if we tried to maintain a keyring for several
> > thousand people as opposed to several hundred, this would snowball into an
> > unmaintainable mess.
>
> Actually I'd like to see you/us add still more burden and asking
> developers to only hand in keys with an expiry date <= (say) 3 years.
> Something similar to what

I would love to replace my main PGP key with a new one using a strong
post-quantum algorithm[1], and then using revocable sub-keys with
small expiry periods (3 to 5 years), but there are some technical and
logistical issues [2]:

- gpg 2.4 doesn't seem to support it;
- "updating to 2.5 would result in new users generating incompatible
  LibrePGP keys" (from LWN.net post at [2]);
- a change like that would require restoring the web of trust,
  asking people to re-sign your certs. Not hard to do at a
  conference, but doing it remotely, the right way, is not trivial.

So, I guess we need to wait for a couple of extra gpg versions
(or alternatives) to do it at the best moment - while keeping
our old keychain in place as a fallback.

[1] Replacing with traditional crypto algorithms is probably not
    worth it, as quantum computers are becoming a reality soon.
[2] https://lwn.net/Articles/1055053/

Thanks,
Mauro