Received: by 10.223.176.5 with SMTP id f5csp3224148wra;
        Thu, 1 Feb 2018 12:51:40 -0800 (PST)
X-Google-Smtp-Source: AH8x225oKGYziTXfmkbII/ybmMs8J2oOUkGz008zZhgdJm3cuzkdkrMRc7xgd9IiA9gQWlLPYR1e
X-Received: by 10.98.10.18 with SMTP id s18mr17918008pfi.155.1517518300261;
        Thu, 01 Feb 2018 12:51:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517518300; cv=none;
        d=google.com; s=arc-20160816;
        b=Vl28psecXylaPDxJ27GuU+Y8enJw/wkPwnec0dezkchigCJcVrWqyqVRWCcd6TFsnr
         l0MAdfxTIQBqLimMThTV5Uzm9jptu7w5jDQ5GfH3lfYtKk0u1XmC4GazLpOMWKMW+fcv
         Ae7p05YTc4E/qJAb5nZgx21sze9FKBy2A4OwqypdpVy0vf/E30ZgLIzMYhKltET1eHbi
         ouNY5DR8pjmdGOpHK9Hd1H1pwuu2w/a8FGXBzWJWe88H/T50KWVRuNVPOrM/ywAMvnZ2
         Q1xV0uAEvq9BZKYR2f7sNAyVTf97V/eHvWHGfVdDS3tc60jSiL9DYeeFZEZC9gZRlLyh
         BIlQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:mail-followup-to
         :message-id:subject:cc:to:from:date:dkim-signature
         :arc-authentication-results;
        bh=KOVW1LVJzn8XqHPQUvbikxNZekILd3J5nmTHsgCumxA=;
        b=C4LN0+6dvA7H9h2OMHEJ5Oe00c+UNfZm4Di+bBBD4Ln9a4ySZ4U2cstjFZbTs19V+P
         xAx4pAh0A3KNf6GUx5dNAdIXxzRcI984SSLMTEQyIAYw6E8A36p3QGCz/0wg1K4Yt4J6
         JoP+UmaqyvbqViSJqIphLcrxDZ+CwhtbImVMi7Hvm9xpFnlTe5Xdgjh4YIKSAD/5UFyx
         I2k3LQuNi6ovb0YE8xR69a86klne8W8v0IfRO8hl0QTT4lKqisaakEwGhWHpNIvZ1RKI
         eMHzLJQ84TxXTcOBcOMUT1V5/kf6gT3xpxUNSvgDxNVko2+8asEDU35pbRwRWhg7L2I1
         a9HQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=google header.b=MHIdhoQG;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 62-v6si316658pld.136.2018.02.01.12.51.23;
        Thu, 01 Feb 2018 12:51:40 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=google header.b=MHIdhoQG;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751912AbeBAUu2 (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Thu, 1 Feb 2018 15:50:28 -0500
Received: from mail-qt0-f196.google.com ([209.85.216.196]:34372 "EHLO
        mail-qt0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751677AbeBAUuW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 1 Feb 2018 15:50:22 -0500
Received: by mail-qt0-f196.google.com with SMTP id a27so28269393qtd.1
        for <linux-kernel@vger.kernel.org>; Thu, 01 Feb 2018 12:50:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linuxfoundation.org; s=google;
        h=date:from:to:cc:subject:message-id:mail-followup-to:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=KOVW1LVJzn8XqHPQUvbikxNZekILd3J5nmTHsgCumxA=;
        b=MHIdhoQG6kToKhxapheRALfCxxdA6PEkTlxZgFAbn+dCh83GBCOE2Y1C/shj7KjMDd
         uPSbRqjBLYyw36xmIXLDWLkhcXmEbhVU5+jT97QMUcz91LT7/POl31gWeyC5SW8rdOQS
         G+1k6ERuEh2HIz+QYa58DMYVM+2XvuIBDU2tE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id
         :mail-followup-to:references:mime-version:content-disposition
         :in-reply-to:user-agent;
        bh=KOVW1LVJzn8XqHPQUvbikxNZekILd3J5nmTHsgCumxA=;
        b=ZKiRbNByNhC9hwxaH7Ich8LvYm4B+e8uYofd9BCATKA1bkhLRmEYXxOre7ZKLkbMdn
         Vn/50w4ERVW+EIYzre2ihIFXPM6JBp0q6wCe0kqQOePplRnsZJ5uE+sztRoxPLl8MmU2
         OGY365/ZG7J95WDTFjs4NRRjYDmVlBlEz1noV6+qSy/NspukMLCkdOKiHdG3rpRA8quN
         iL6OZGLWdpV4UJ+WPKgX+zUdrVtirNfKUPZuX9GZVzgBqMqtVvCD3y1obbfDntldlAak
         oHBDYVrPW0gzmuVL/oGeVPXzeoHt73bx9ihRJ7Zq3tijurA3HOwDbPJ3zkUjn9HB4y4T
         eFjg==
X-Gm-Message-State: AKwxytfaARlLdrqX5Cxg32qYeizCsAb9frn52qjkdNnKJL9pJNaqMWYf
        jygpLfsbXTPpaKu0pSMMEiNakg==
X-Received: by 10.200.1.82 with SMTP id f18mr63790996qtg.51.1517518221807;
        Thu, 01 Feb 2018 12:50:21 -0800 (PST)
Received: from gmail.com (modemcable221.121-21-96.mc.videotron.ca. [96.21.121.221])
        by smtp.gmail.com with ESMTPSA id r34sm268340qtd.48.2018.02.01.12.50.20
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 01 Feb 2018 12:50:21 -0800 (PST)
Date:   Thu, 1 Feb 2018 15:50:18 -0500
From:   Konstantin Ryabitsev <konstantin@linuxfoundation.org>
To:     Jonathan Corbet <corbet@lwn.net>
Cc:     linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
        jani.nikula@linux.intel.com
Subject: Re: [PATCH v2] Documentation/process: kernel maintainer PGP guide
Message-ID: <20180201205018.fmjjvrvc4ytsg2fh@gmail.com>
Mail-Followup-To: Jonathan Corbet <corbet@lwn.net>,
        linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
        jani.nikula@linux.intel.com
References: <20180130184917.GA32095@gmail.com>
 <20180201144233.GA19712@gmail.com>
 <20180201111450.646b9974@lwn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Disposition: inline
In-Reply-To: <20180201111450.646b9974@lwn.net>
User-Agent: NeoMutt/20171215
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 01, 2018 at 11:14:50AM -0700, Jonathan Corbet wrote:
> - Capitalizing "Kernel" bugs me.  Obviously not a big deal.

Noted.

> - The "master keys vs. subkeys" section is nice, but it's missing one
>   thing, IMO: a sentence saying what a subkey *is* in the first place.

I'll work that in for subsequent changes

> - We don't normally endorse commercial products in kernel docs.  OTOH, I
>   don't see any other way for people to know which keycards they should
>   get. This section is sure to go obsolete as products come and go,
>   though - you're on the hook for maintaining it :)

If we wanted to avoid this, one way would be to refer people to the 
"Protecting Code Integrity" guide for smartcard recommendations, though 
it uses slightly different criteria (Mac users suddenly become 
important).

> - The suggestion to sign individual commits is, as I understand it,
>   controversial (Linus doesn't agree with it) and is 100% contrary to
>   current practice.  Are there any signed commits in the kernel repo
>   now?  Given that, I'm a bit nervous about putting commit-signing
>   forward as standard practice.

Linus isn't against it, he just points out that it serves no purpose -- 
the only thing that needs to be signed is the tip of each branch. Since 
each commit contains the parent checksum of the previous commit, that 
provides a backward chain for the rest of the branch, and that is 
sufficient to give cryptographic assurances for the remainder of all 
repo objects without needing to separately sign each of the commits 
leading to the tip.

And, of course, all those PGP signatures are lost when commits are 
converted to patches, so in his view the whole thing is pretty 
pointless. All he needs is signatures on tags that he pulls directly 
from maintainers.

However, there is currently no way to tell git "sign just the tip of the 
branch" -- I'm not even sure how it would work, because git has no 
knowledge of your intentions. A tip may only remain a tip for a couple 
of seconds before you add more commits. And should signatures be removed 
from previous commit tips, or just left there? And if so, why not just 
sign every commit anyway, since it doesn't *hurt* anything, especially 
if gpg-agent is properly configured -- it's just a background operation 
that doesn't even slow down your work if you use ECC subkeys.

Anyway, I feel it should remain as a weak recommendation just in case 
someone has to prove at any point their authorship of a specific commit, 
but I'm happy to change it, remove it, or add more detail explaining the 
above if you think the section should be expanded. I can talk about it 
for pages on end, I was just trying to be succinct. ;)

> - I'm not quite sure what the "finding paths to Linus" link is supposed
>   to do for the reader.

The idea is that it's a weak substitute for a web of trust. If someone 
isn't keeping one going, then using the PGP Pathfinder will give them at 
least *some* indication about whether the key is trusted or not. I do 
agree that if you don't already know what you're looking at, the output 
is fairly opaque. It's long been my desire to put together a 
kernel.org-specific tool where you can check similar data using pretty 
graphs (e.g. https://mricon.com/misc/korg-wot-graph.png), but I haven't 
had a chance yet.

>Anyway, these are all quibbles, and I think the documentation is
>definitely improved by having this, so I'm going ahead and applying it.
>It may be worth considering some tweaks for the issues above, though, as
>time allows.

Will do, thank you for the feedback!

-K