2023-07-16 21:09:42

by Thomas Weißschuh

[permalink] [raw]
Subject: [PATCH] pgpkeys: new keys need two signatures

Recent messages on the [email protected] list indicate that two
signatures are needed.
This also matches the wording from accounts.rst.

Signed-off-by: Thomas Weißschuh <[email protected]>
---
source/pgpkeys.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/pgpkeys.rst b/source/pgpkeys.rst
index 78ba703ff42b..ee2a912612f8 100644
--- a/source/pgpkeys.rst
+++ b/source/pgpkeys.rst
@@ -3,7 +3,7 @@ Kernel developer PGP keyring

If you regularly contribute code to the Linux kernel, you are encouraged
to submit your key to be included in the PGP keyring repository. For us
-to be able to accept it, it must have at least one signature from
+to be able to accept it, it must have at least two signatures from
someone whose key is already in that repository, so we can trace each
key's trust lineage to the head maintainer (Linus Torvalds).


---
base-commit: 8196a3c298d9b1f11be305c87eb890f44f7c8cc5
change-id: 20230716-fixes-b22a305dc9d2

Best regards,
--
Thomas Weißschuh <[email protected]>



2023-10-17 17:48:37

by Konstantin Ryabitsev

[permalink] [raw]
Subject: Re: [PATCH] pgpkeys: new keys need two signatures

On Sun, Jul 16, 2023 at 09:38:19PM +0200, Thomas Weißschuh wrote:
> Recent messages on the [email protected] list indicate that two
> signatures are needed.
> This also matches the wording from accounts.rst.

Sorry for the long delay getting back to you. The current wording is actually
correct -- to be included into the keyring it is sufficient to just have a
single path to Linus.

We do require two signatures to get a kernel.org account, but it's a separate
set of requirements -- not everyone included into the keyring has an account.

-K