Received: by 10.223.176.5 with SMTP id f5csp3069320wra; Thu, 1 Feb 2018 10:15:34 -0800 (PST) X-Google-Smtp-Source: AH8x224SE/7zM7AqJX+XMiyCDBr5E+F1n48lh5eftReqdc3EcCZ2r8ATlZP04chdPI+JzJ6ZofwR X-Received: by 10.98.204.75 with SMTP id a72mr37546461pfg.211.1517508934880; Thu, 01 Feb 2018 10:15:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517508934; cv=none; d=google.com; s=arc-20160816; b=fXeM1yWf/gZmL9NCkrecYfygzwCJoLsdKarvKWUZ4BbQoHCuAUQNLgC/BsbnT2Zs1N FSrkE5yLm8lxEOM+qfzCjKPM7Q+w7yX1h59fgk9ST6zi3g69mQuncntt8c/0w8lIrK7y mNIHY4QxhbmTH/t5EFxjQ5nnsWyMzN1Q6biIqDeu2wHFXJ9C56r/WYp7I4HXF7bmWCzz e1iWmGd2fOLo8mBdNprgc7j97jVV6GlscVwTQC1Ht8a3qMNAh0QkiTL1JogLOv5Zv5Ba H6cvlA3wn5ydpNxNoZwoOYCfonF2NYQ9FPVb6+RpD41xhJJrXAaHdylAVTNf6eB+sYmX 218g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=XPUzg9xB1ss6doLuQq1wyQ+JVvd+RWoKCdLnVRB7LAc=; b=q6H21AExbVTcnoFhqehiz1wIrSab64T4kTA6jSd5UipLPk5IdZ6UoGag3RJtwRjRTt NA7IlXYzg34v1+ESJWp7OxAi+GIKZRviS+ZGb+JOX/hHz+Qfrz2j3dk//yHgehSKtGgW uloRlQ2AAYjfX5yA+asE4FoJPrgzyn9EkZNTZAqlGbXytVs2slLLUqxty8fge96SyzJ2 6yiBbi8QnlIXM+wicAp0uVHN62itk4uT4LMKrVZvBten/PoiN3oTF91jJBeKl1bC7Jw0 CSuci4kcuWhS1AjMgu3ZMJNwJUBpyFemj3SVkWceZ1OVPU7RAvg5Yg6S+r213qlA6Rlj 5Y3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y11si22811pgv.625.2018.02.01.10.15.19; Thu, 01 Feb 2018 10:15:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752908AbeBASOz (ORCPT + 99 others); Thu, 1 Feb 2018 13:14:55 -0500 Received: from ms.lwn.net ([45.79.88.28]:42324 "EHLO ms.lwn.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752015AbeBASOw (ORCPT ); Thu, 1 Feb 2018 13:14:52 -0500 Received: from lwn.net (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ms.lwn.net (Postfix) with ESMTPSA id D49821AA; Thu, 1 Feb 2018 18:14:51 +0000 (UTC) Date: Thu, 1 Feb 2018 11:14:50 -0700 From: Jonathan Corbet To: Konstantin Ryabitsev Cc: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, jani.nikula@linux.intel.com Subject: Re: [PATCH v2] Documentation/process: kernel maintainer PGP guide Message-ID: <20180201111450.646b9974@lwn.net> In-Reply-To: <20180201144233.GA19712@gmail.com> References: <20180130184917.GA32095@gmail.com> <20180201144233.GA19712@gmail.com> Organization: LWN.net MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 1 Feb 2018 09:42:33 -0500 Konstantin Ryabitsev wrote: > This guide is an adapted version of the more general "Protecting Code > Integrity" guide written and maintained by The Linux Foundation IT for > use with open-source projects. It provides the oft-lacking guidance on > the following topics: > > - how to properly protect one's PGP keys to minimize the risks of them > being stolen and used maliciously to impersonate a kernel developer > - how to configure Git to properly use GnuPG > - when and how to use PGP with Git > - how to verify fellow Linux Kernel developer identities > > I believe this document should live with the rest of the documentation > describing proper processes one should follow when participating in > kernel development. Placing it in a wiki on some place like kernel.org > would be insufficient for a number of reasons -- primarily, because only > a relatively small subset of maintainers have accounts on kernel.org, > but also because even those who do rarely remember that such wiki > exists. Keeping it with the rest of in-kernel docs should hopefully give > it more visibility, but also help keep it up-to-date as tools and > processes evolve. > > Signed-off-by: Konstantin Ryabitsev OK, I've been through all of this. Naturally, I have a few quibbles: - Capitalizing "Kernel" bugs me. Obviously not a big deal. - The "master keys vs. subkeys" section is nice, but it's missing one thing, IMO: a sentence saying what a subkey *is* in the first place. - We don't normally endorse commercial products in kernel docs. OTOH, I don't see any other way for people to know which keycards they should get. This section is sure to go obsolete as products come and go, though - you're on the hook for maintaining it :) - The suggestion to sign individual commits is, as I understand it, controversial (Linus doesn't agree with it) and is 100% contrary to current practice. Are there any signed commits in the kernel repo now? Given that, I'm a bit nervous about putting commit-signing forward as standard practice. - I'm not quite sure what the "finding paths to Linus" link is supposed to do for the reader. Anyway, these are all quibbles, and I think the documentation is definitely improved by having this, so I'm going ahead and applying it. It may be worth considering some tweaks for the issues above, though, as time allows. Thanks, jon