* Re: leaking_addresses script..
[not found] ` <CA+55aFwLdjw-usHa2XYke1ULRz_HNTLuCrMz87Ci_0=90uyAsQ@mail.gmail.com>
@ 2017-11-15 21:11 ` Tobin C. Harding
2017-11-15 21:20 ` Linus Torvalds
2017-11-15 21:31 ` Konstantin Ryabitsev
0 siblings, 2 replies; 5+ messages in thread
From: Tobin C. Harding @ 2017-11-15 21:11 UTC (permalink / raw)
To: Linus Torvalds; +Cc: LKML, Konstantin Ryabitsev
Re-send with the _actual_ CC's
Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking
addresses stuff that may know my face.
Adding to CC: Michael - closest kernel developer by proximity that I
have had direct correspondence with.
Adding to CC: Konstantin - previous correspondence re kernel.org tree hosting.
On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@tobin.cc> wrote:
> >
> > I did not sign the tag, it looks like you have not processed this yet.
> > Do you want me to re-do the pull request on a signed tag?
>
> When pulling from github? Absolutely.
Linus, I'm not in the web of trust; pulling a tag signed by an _unknown_
key is not secure, is it? Would it not be better to get into the web of
trust first before requesting you pull any code from me?
Web of trust presents a social problem that I am not versed in. With my
limited knowledge I can present the following solutions.
1. Get my key signed at linux.conf.au in January in Sydney.
2. Request a video call with _some_ number of kernel developers to sign
key (suggested by Konstantin).
3. Drive to Canberra and meet face to face with Michael to sign key
(if he would agree to that).
I'm guessing I've missed the boat for this merge window, so the option
that imposes the least on other developers' time is option 1: get my key
signed by a bunch of kernel developers at LCA.
Also, once I get in the web of trust I can apply to get my tree hosted
on git.kernel.org so you don't have to pull from GitHub.
Please advise when, and if, you have time.
thanks,
Tobin.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: leaking_addresses script..
From: Linus Torvalds @ 2017-11-15 21:20 UTC (permalink / raw)
To: Tobin C. Harding; +Cc: LKML, Konstantin Ryabitsev
On Wed, Nov 15, 2017 at 1:11 PM, Tobin C. Harding <me@tobin.cc> wrote:
>
> Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
> key is not secure is it? Would it not be better to get into the web of
> trust first before requesting you pull any code from me.
Oh, I absolutely take signed pulls from new people who haven't gotten
their keys with a full chain of trust to me..
I do it for a few different reasons:
- the real trust is *never* in the key. People who trust
technological measures are morons. You trust *people*, not keys. The
technical measures are a shorthand and a help, not the basis.
- I can just check the code
- even if you never get your key signed by anybody else, it's still a
sort of "identity" in the sense of me getting the pull requests from
the same person (or key controlling group)
- you probably *will* get your key signed by somebody else later, and
it's all good, and that will show even in the commits before you got
the signing done.
It's not like we require that people send emailed patches with pgp
signing either.
So I require keys for pull requests even if I can't see the full chain
of trust simply because of those two last issues: it's still an
identity, and one that I expect will eventually be signed.
Linus
* Re: leaking_addresses script..
From: Konstantin Ryabitsev @ 2017-11-15 21:31 UTC (permalink / raw)
To: Tobin C. Harding; +Cc: Linus Torvalds, LKML
On Thu, Nov 16, 2017 at 08:11:24AM +1100, Tobin C. Harding wrote:
>On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
>> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@tobin.cc> wrote:
>> >
>> > I did not sign the tag, it looks like you have not processed this yet.
>> > Do you want me to re-do the pull request on a signed tag?
>>
>> When pulling from github? Absolutely.
>
>Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
>key is not secure is it? Would it not be better to get into the web of
>trust first before requesting you pull any code from me.
Many kernel developers use a "Trust on First Use" (TOFU) approach, which
is not unreasonable -- it's what ssh has been using for the past couple
of decades. In the end, the goal of tag signing is not to verify your
*identity* but to verify that Tobin C. Harding from today is the same
Tobin C. Harding whose code was reviewed and merged 3 months ago.
>Also, once I get in the web of trust I can apply to get my tree hosted
>on git.kernel.org so you don't have to pull from GitHub.
We have different rules for issuing actual accounts at kernel.org. We
*do* rely on the web of trust, since I personally have no way of
verifying who is a real developer and who isn't. Even then, I don't
really care about your identity as much as I need to have assurances
from other members of kernel.org that they have worked with you
previously and they can vouch that you are their fellow kernel
developer.
-K
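The policy Linus and Konstantin describe above (the signing key need not be in anyone's web of trust, but the key signing today's tag must be the one that signed the contributor's earlier, already-reviewed tags) can be applied mechanically to the status output of `git verify-tag --raw`. The following is an added example, not code from this thread or from the kernel tree; the GnuPG status lines, user id and fingerprints are constructed, and the contributor name used as the pin key is an assumed convention.

```python
import re
import subprocess

# VALIDSIG carries the full fingerprint of the signing (sub)key and, as its
# last field, the fingerprint of the primary key.  GOODSIG only gives a
# 64-bit key id and a user-id string, neither of which is safe to pin on.
VALIDSIG_RE = re.compile(
    r"^\[GNUPG:\] VALIDSIG (?P<subkey>[0-9A-F]{40}) .* (?P<primary>[0-9A-F]{40})$"
)

# Constructed GnuPG status output, in the format `git verify-tag --raw`
# writes to stderr.  Fingerprints are made up.  Note TRUST_UNDEFINED: the
# key is outside the verifier's web of trust, yet the signature is valid.
TAG_FROM_KNOWN_KEY = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Contributor <contrib@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-11-15 1510780000 0 4 0 1 10 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
# Same user-id string, different key: exactly what continuity must catch.
TAG_FROM_OTHER_KEY = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Example Contributor <contrib@example.com>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2017-11-16 1510866000 0 4 0 1 10 01 FEDCBA9876543210FEDCBA9876543210FEDCBA98
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""

def signing_key(status_text):
    """Return the primary-key fingerprint, or None if no valid signature."""
    for line in status_text.splitlines():
        m = VALIDSIG_RE.match(line.strip())
        if m:
            return m.group("primary")
    return None  # BADSIG, ERRSIG, NO_PUBKEY, or an unsigned tag

def check_tag(contributor, status_text, pins):
    """TOFU continuity: pin the key on first sight, then demand the same key.

    `pins` maps contributor -> primary fingerprint and is updated in place.
    'first-use' means nothing was pinned yet, so only code review backs the
    pull; 'KEY CHANGED' means a different key signed and needs a human look.
    """
    fpr = signing_key(status_text)
    if fpr is None:
        return "no valid signature"
    if contributor not in pins:
        pins[contributor] = fpr
        return "first-use"
    return "ok" if pins[contributor] == fpr else "KEY CHANGED"

def tag_status(tag):
    """Collect raw GnuPG status lines for a real tag in the current repo."""
    return subprocess.run(["git", "verify-tag", "--raw", tag],
                          capture_output=True, text=True).stderr
```

The decision ignores the TRUST_* lines entirely: a key with no web-of-trust path still yields VALIDSIG, and continuity against the pinned fingerprint is what distinguishes the same contributor from a same-named stranger.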
* Re: leaking_addresses script..
From: Tobin C. Harding @ 2017-11-15 21:33 UTC (permalink / raw)
To: Linus Torvalds; +Cc: LKML, Konstantin Ryabitsev
On Wed, Nov 15, 2017 at 01:20:20PM -0800, Linus Torvalds wrote:
> On Wed, Nov 15, 2017 at 1:11 PM, Tobin C. Harding <me@tobin.cc> wrote:
> >
> > Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
> > key is not secure is it? Would it not be better to get into the web of
> > trust first before requesting you pull any code from me.
>
> Oh, I absolutely take signed pulls from new people who haven't gotten
> their keys with a full chain of trust to me..
Awesome, new tag signed pull request to come.
> I do it for a few different reasons:
>
> - the real trust is *never* in the key. People who trust
> technological measures are morons. You trust *people*, not keys. The
> technical measures are a shorthand and a help, not the basis.
>
> - I can just check the code
>
> - even if you never get your key signed by anybody else, it's still a
> sort of "identity" in the sense of me getting the pull requests from
> the same person (or key controlling group)
>
> - you probably *will* get your key signed by somebody else later, and
> it's all good, and that will show even in the commits before you got
> the signing done.
>
> It's not like we require that people send emailed patches with pgp
> signing either.
>
> So I require keys for pull requests even if I can't see the full chain
> of trust simply because of those two last issues: it's still an
> identity, and one that I expect will eventually be signed.
Thanks for taking the time to explain things to me. Please expect all
future 'process' mistakes by me to come in multiples - I know you are
so quick on email that as soon as I notice a mistake I rush to fix it,
usually botching it again :)
Again, thanks,
Tobin.
* Re: leaking_addresses script..
From: Tobin C. Harding @ 2017-11-16 1:59 UTC (permalink / raw)
To: Konstantin Ryabitsev; +Cc: Linus Torvalds, LKML
On Wed, Nov 15, 2017 at 04:31:56PM -0500, Konstantin Ryabitsev wrote:
> On Thu, Nov 16, 2017 at 08:11:24AM +1100, Tobin C. Harding wrote:
> >On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote:
> >>On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding <me@tobin.cc> wrote:
> >>>
> >>> I did not sign the tag, it looks like you have not processed this yet.
> >>> Do you want me to re-do the pull request on a signed tag?
> >>
> >>When pulling from github? Absolutely.
> >
> >Linus I'm not in the web of trust, pulling a tag signed by an _unknown_
> >key is not secure is it? Would it not be better to get into the web of
> >trust first before requesting you pull any code from me.
>
> Many kernel developers use a "Trust on First Use" (TOFU) approach, which is
> not unreasonable -- it's what ssh has been using for the past couple of
> decades. In the end, the goal of tag signing is not to verify your
> *identity* but to verify that Tobin C. Harding from today is the same Tobin
> C. Harding whose code was reviewed and merged 3 months ago.
Cool.
> >Also, once I get in the web of trust I can apply to get my tree hosted
> >on git.kernel.org so you don't have to pull from GitHub.
>
> We have different rules for issuing actual accounts at kernel.org. We *do*
> rely on the web of trust, since I personally have no way of verifying who is
> a real developer and who isn't. Even then, I don't really care about your
> identity as much as I need to have assurances from other members of
> kernel.org that they have worked with you previously and they can vouch that
> you are their fellow kernel developer.
I'll sort it out and get back to you.
thanks,
Tobin.