From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755484Ab1IGQBL (ORCPT <rfc822;w@1wt.eu>);
	Wed, 7 Sep 2011 12:01:11 -0400
Received: from imr4.ericy.com ([198.24.6.9]:56435 "EHLO imr4.ericy.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752570Ab1IGQBB (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 7 Sep 2011 12:01:01 -0400
Date: Wed, 7 Sep 2011 06:50:52 -0700
From: Guenter Roeck <guenter.roeck@ericsson.com>
To: Jean Delvare <khali@linux-fr.org>
CC: Linus Torvalds <torvalds@linux-foundation.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "lm-sensors@lm-sensors.org" <lm-sensors@lm-sensors.org>
Subject: Re: [lm-sensors] [GIT PULL] hwmon fixes for 3.1
Message-ID: <20110907135052.GA26868@ericsson.com>
References: <1315325608-17922-1-git-send-email-guenter.roeck@ericsson.com>
 <CA+55aFwy-YPNHnJp6C6BRA-QfEtMoVHuxN9Uxg=p=0PwaWyXaQ@mail.gmail.com>
 <20110907014725.GC22609@ericsson.com>
 <20110907092816.4634b657@endymion.delvare>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20110907092816.4634b657@endymion.delvare>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Sep 07, 2011 at 03:28:16AM -0400, Jean Delvare wrote:
[ ... ]
> 
> When you created this account on kernel.org, you used a PGP key to
> identify yourself, didn't you? If you sign your message with that key,
> then a few people (basically the kernel.org maintainers) will be able
> to confirm that you are the same person who had a trusted kernel.org
> account. I don't know if Linus has the list though.
> 
> What surprises me a little is that I don't have your public key in my
> keyring, and I can't seem to be able to find it on public servers
> either. You really should push your key to public key servers,
> otherwise a signed message from you has no value in general.
> 
Yeah, one may notice that I am not a security guy and don't pay sufficient
attention to such matters.

> Obviously it's a little late now though. The whole idea of trust and
> signatures is to keep the level of trust after odd events such as the
> kernel.org break-in. For this, keys must have been exchanged, tested
> and trusted long before said event happens.
> 
Agreed.

Guenter