Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15
On Thu, Nov 16, 2017 at 01:16:28PM +1100, Michael Ellerman wrote: > "Tobin C. Harding" writes: > > > Clearly I am unable to use email. > > > > Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking > > addresses stuff that may know my face. > > > > Adding to CC: Michael - closest kernel developer by proximity that I > > have had direct correspondence with. > > > > Adding to CC: Konstantin - previous correspondence re kernel.org tree > > hosting. > > > > On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote: > >> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding wrote: > >> > > >> > I did not sign the tag, it looks like you have not processed this yet. > >> > Do you want me to re-do the pull request on a signed tag? > >> > >> When pulling from github? Absolutely. > > > > Linus I'm not in the web of trust, pulling a tag signed by an _unknown_ > > key is not secure is it? Would it not be better to get into the web of > > trust first before requesting you pull any code from me. > > Linus will probably respond, but in short it's good to be in the web of > trust, but until you are it's still worth signing your tags. > > When you do get some signatures on your key, then we'll be able to see > that all your existing pull requests were really from you. > > At the end of the day what matters is that you send good code over a > period of time - and whether the Australian Government agrees that your > name is "Tobin Harding" is somewhat orthogonal to that. > > > Web of trust presents a social problem that I am not versed in. With my > > limited knowledge I can present the following solutions. > > > > 1. Get my key signed at linux.conf.au in January in Sydney. > > Sounds good, maybe we should have a 15 minute key signing slot at the > kernel miniconf. I'll contact the organizer. > > 2. Request a video call with _some_ number of kernel developers to sign > >key (suggested by Konstantin). > > 3. Drive to Canberra and meet face to face with Michael to sign key > >(if he would agree to that). > > Yeah if you want to that's no problem, just give me some notice :) I understand that there is no rush now so driving seems silly. See you in Sydney. thanks, Tobin.
Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15
"Tobin C. Harding" writes: > Clearly I am unable to use email. > > Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking > addresses stuff that may know my face. > > Adding to CC: Michael - closest kernel developer by proximity that I > have had direct correspondence with. > > Adding to CC: Konstantin - previous correspondence re kernel.org tree > hosting. > > On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote: >> On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding wrote: >> > >> > I did not sign the tag, it looks like you have not processed this yet. >> > Do you want me to re-do the pull request on a signed tag? >> >> When pulling from github? Absolutely. > > Linus I'm not in the web of trust, pulling a tag signed by an _unknown_ > key is not secure is it? Would it not be better to get into the web of > trust first before requesting you pull any code from me. Linus will probably respond, but in short it's good to be in the web of trust, but until you are it's still worth signing your tags. When you do get some signatures on your key, then we'll be able to see that all your existing pull requests were really from you. At the end of the day what matters is that you send good code over a period of time - and whether the Australian Government agrees that your name is "Tobin Harding" is somewhat orthogonal to that. > Web of trust presents a social problem that I am not versed in. With my > limited knowledge I can present the following solutions. > > 1. Get my key signed at linux.conf.au in January in Sydney. Sounds good, maybe we should have a 15 minute key signing slot at the kernel miniconf. > 2. Request a video call with _some_ number of kernel developers to sign >key (suggested by Konstantin). > 3. Drive to Canberra and meet face to face with Michael to sign key >(if he would agree to that). Yeah if you want to that's no problem, just give me some notice :) cheers
Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15
Clearly I am unable to use email. Adding to CC: Greg, Steve, Paul - kernel developers CC'd on leaking addresses stuff that may know my face. Adding to CC: Michael - closest kernel developer by proximity that I have had direct correspondence with. Adding to CC: Konstantin - previous correspondence re kernel.org tree hosting. On Tue, Nov 14, 2017 at 02:45:59PM -0800, Linus Torvalds wrote: > On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding wrote: > > > > I did not sign the tag, it looks like you have not processed this yet. > > Do you want me to re-do the pull request on a signed tag? > > When pulling from github? Absolutely. Linus I'm not in the web of trust, pulling a tag signed by an _unknown_ key is not secure is it? Would it not be better to get into the web of trust first before requesting you pull any code from me. Web of trust presents a social problem that I am not versed in. With my limited knowledge I can present the following solutions. 1. Get my key signed at linux.conf.au in January in Sydney. 2. Request a video call with _some_ number of kernel developers to sign key (suggested by Konstantin). 3. Drive to Canberra and meet face to face with Michael to sign key (if he would agree to that). I'm guessing I've missed the boat for this merge window so the option that imposes the least on other developers time is option 1, get my key signed by a bunch of kernel developers at LCA. Also, once I get in the web of trust I can apply to get my tree hosted on git.kernel.org so you don't have to pull from GitHub. Please advise when, and if, you have time. thanks, Tobin.
Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15
On Tue, Nov 14, 2017 at 1:03 PM, Tobin C. Harding wrote: > > I did not sign the tag, it looks like you have not processed this yet. > Do you want me to re-do the pull request on a signed tag? When pulling from github? Absolutely. Linus
Re: [GIT PULL 2nd resend] leaking_addresses updates for 4.15
On Tue, Nov 14, 2017, at 10:04, Tobin C. Harding wrote: > The following changes since commit: > bebc6082da0a9f5d47a1ea2edc099bf671058bd4 > > Linux 4.14 (2017-11-12 10:46:13 -0800) > > are available in the git repository at: > > https://github.com/tcharding/linux tags/leaking_addresses-4.15 > > for you to fetch changes up to a11949ec20635b43d82ee229315fd2e3c80c22a3: > > leaking_addresses: add SigIgn to false positives (2017-11-14 09:25:11 > +1100) Hi Linus, I did not sign the tag, it looks like you have not processed this yet. Do you want me to re-do the pull request on a signed tag? thanks, Tobin.
[GIT PULL 2nd resend] leaking_addresses updates for 4.15
The following changes since commit: bebc6082da0a9f5d47a1ea2edc099bf671058bd4 Linux 4.14 (2017-11-12 10:46:13 -0800) are available in the git repository at: https://github.com/tcharding/linux tags/leaking_addresses-4.15 for you to fetch changes up to a11949ec20635b43d82ee229315fd2e3c80c22a3: leaking_addresses: add SigIgn to false positives (2017-11-14 09:25:11 +1100) Correct tag name. Clearly I am doing this manually, and failing pretty hard. Sorry for the noise. thanks, Tobin. -- leaking_addresses updates for 4.15 Here are development updates for the leaking_addresses.pl script. First there is some clean up. Also we change the command line options; add summary reporting functionality. We add a timeout to stop the script blocking indefinitely and add SigIgn to false positive checks. We also add infrastructure to handle multiple architectures and add support for ppc64. Signed-off-by: Tobin C. Harding -- Tobin C. Harding (9): leaking_addresses: use tabs instead of spaces leaking_addresses: remove dead/unused code leaking_addresses: remove command line options leaking_addresses: fix comment string typo leaking_addresses: add to exclude files/paths list leaking_addresses: add summary reporting options leaking_addresses: add support for ppc64 leaking_addresses: add timeout on file read leaking_addresses: add SigIgn to false positives scripts/leaking_addresses.pl | 370 +-- 1 file changed, 283 insertions(+), 87 deletions(-)