Re: How to send GnuPG signed mail to linux-kernel and maintainers?

Dave Jones (davej@suse.de)
Sun, 26 May 2002 14:50:18 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ruth Ivimey-Cook: "Re: [patch] New driver for Artop [Acard] controllers."
Previous message: Luca Barbieri: "How to send GnuPG signed mail to linux-kernel and maintainers?"
In reply to: Luca Barbieri: "How to send GnuPG signed mail to linux-kernel and maintainers?"

On Sun, May 26, 2002 at 02:29:07PM +0200, Luca Barbieri wrote:
> Not using digital signatures is obviously not an option since there is
> no way to prove that a message was not authentic (if it contains a
> trojan patch, for example).

Just because a patch has been signed does not mean it somehow manages
to bypass peer review.

If the patch is correct, it gets applied. If it's not obviously correct,
it gets reviewed by someone more familiar with the code.

Some people have a hard enough time getting patches they believe are
legitimate features/fixes past Al Viro, Dave Miller and the likes.
The chances of a trojan patch getting past them is I would hope, extremely minimal.

Dave.

-- 
| Dave Jones.        http://www.codemonkey.org.uk
| SuSE Labs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Ruth Ivimey-Cook: "Re: [patch] New driver for Artop [Acard] controllers."
Previous message: Luca Barbieri: "How to send GnuPG signed mail to linux-kernel and maintainers?"
In reply to: Luca Barbieri: "How to send GnuPG signed mail to linux-kernel and maintainers?"