[dpdk-web] [PATCH] add my gpg key id

Luca Boccassi bluca at debian.org
Wed Jun 17 18:25:48 CEST 2020

Previous message: [dpdk-web] [PATCH] add my gpg key id
Next message: [dpdk-web] [PATCH] update quick start page
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2020-06-17 at 15:01 +0100, Ferruh Yigit wrote:
> On 5/22/2020 9:46 PM, Stephen Hemminger wrote:
> > On Fri, 22 May 2020 20:37:28 +0100
> > Ferruh Yigit <ferruh.yigit at intel.com> wrote:
> > 
> > > On 5/20/2020 9:41 PM, Stephen Hemminger wrote:
> > > > Put my current GPG key id on the security web page.
> > > > Keep maintainers names in alphabetical order here.
> > > > 
> > > > Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
> > > > ---
> > > >  content/security/_index.md | 1 +
> > > >  1 file changed, 1 insertion(+)
> > > > 
> > > > diff --git a/content/security/_index.md b/content/security/_index.md
> > > > index 79349dbb66a6..264de573698f 100644
> > > > --- a/content/security/_index.md
> > > > +++ b/content/security/_index.md
> > > > @@ -19,4 +19,5 @@ The Security Team can be reached at [security at dpdk.org](ma
> ilto:security at dpdk.org
> > > >  For any security report, the message should be encrypted with the following
>  GPG keys:
> > > >  - `F933EB43DF13611F` - *Ferruh Yigit*
> > > > +- `80A77F6095CDE47E` - *Stephen Hemminger*
> > > >  - `683000CC50B9E390` - *Thomas Monjalon*
> > > > 
> > > 
> > > Hi Stephen,
> > > 
> > > A theoretical question, how can we be sure you are you? (Not a malicious pers
> on
> > > sending an email from your email address and trying to add its key to steal a
> ll
> > > DPDK security secrets J)
> > 
> > I could send the patch via signed email, but git send-email doesn't do that by
>  default.
> > But that would not answer your question which is a web of trust issue.
> > My key is in the Linux kernel web of trust already, it is rather old
> > 
> 
> (re-sending, since mail list rejected signature file)
> 
> For this patch
> Acked-by: Ferruh Yigit <ferruh.yigit at intel.com>
> 
> 
> But for the overall trust issue, should we also have a "web of trust" and what
> needs to be done for it?

We can check by uploading to https://keys.openpgp.org/about which
checks that you own the email address before allowing the key to be
added

-- 
Kind regards,
Luca Boccassi

Previous message: [dpdk-web] [PATCH] add my gpg key id
Next message: [dpdk-web] [PATCH] update quick start page
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the web mailing list