On Mon, Oct 14, 2019 at 11:28:59AM -0300, Mauro Carvalho Chehab wrote:
Yeah, our current security model is based at the maintainer for
him to do his duties, properly reviewing the patch.
Yet, at the example that Daniel gave:
Instead of:
if ((permissions == allowed) && other_stuff) {
On Mon, 14 Oct 2019 10:38:51 +1100
Daniel Axtens wrote:
> > It does bring up that any new workflow has to have security protocol
> > and threat model as part of its design.
>
> This is actually something that worries me about the patchwork
> workflow. Maintainers seem to trust the patchwork ve
Em Mon, 14 Oct 2019 08:26:37 -0400
"Theodore Y. Ts'o" escreveu:
> On Mon, Oct 14, 2019 at 12:42:36PM +0200, Toke Høiland-Jørgensen wrote:
> > It should be detectable, though, right?
> >
> > Say you have two independently administered patchwork instances (or even
> > better, two different softwar
Em Mon, 14 Oct 2019 09:53:58 -0400
"Theodore Y. Ts'o" escreveu:
> On Mon, Oct 14, 2019 at 10:41:32AM -0300, Mauro Carvalho Chehab wrote:
> > It can still have man-in-the-middle (MITM) attacks between the sender and
> > vger.kernel.org. Please notice that using https and adding the patch
> > via a
Toke Høiland-Jørgensen writes:
> Daniel Axtens writes:
>
>>> It does bring up that any new workflow has to have security protocol
>>> and threat model as part of its design.
>>
>> This is actually something that worries me about the patchwork
>> workflow. Maintainers seem to trust the patchwork
Hi Eric,
On Mon, Oct 14, 2019 at 2:12 AM Eric Wong wrote:
> Konstantin Ryabitsev wrote:
> > On Fri, Oct 11, 2019 at 09:23:08PM +, Eric Wong wrote:
> > > > (This is the same reason I generally disagree with Eric Wong about
> > > > preserving SMTP as the primary transmission protocol -- I've h
On Sat, Oct 12, 2019 at 09:19:11AM +0200, Greg KH wrote:
> On Fri, Oct 11, 2019 at 05:35:53PM -0400, Konstantin Ryabitsev wrote:
> > 1. provide a way for someone to submit a patch using a web interface (but
> > still in a way that From: is their corporate ID)
> If you do this, what happens when
Geert Uytterhoeven wrote:
> On Mon, Oct 14, 2019 at 2:12 AM Eric Wong wrote:
> > We can also find creative ways to subvert corporate policies:
> > For example; if their policy specifically prevents outgoing SMTP,
> > "git imap-send" could be used.
>
> IMAP may be blocked, too?
Yes, was just poi
On Mon, Oct 14, 2019 at 10:41:32AM -0300, Mauro Carvalho Chehab wrote:
> It can still have man-in-the-middle (MITM) attacks between the sender and
> vger.kernel.org. Please notice that using https and adding the patch
> via a web interface can also be subject to MITM, as companies and even some
> C
"Theodore Y. Ts'o" writes:
> On Mon, Oct 14, 2019 at 12:42:36PM +0200, Toke Høiland-Jørgensen wrote:
>> It should be detectable, though, right?
>>
>> Say you have two independently administered patchwork instances (or even
>> better, two different software packages entirely) that both subscribe
On Mon, Oct 14, 2019 at 04:58:17PM +0200, Dmitry Vyukov wrote:
> On Fri, Oct 11, 2019 at 7:20 PM Shuah Khan wrote:
> >
> > On 10/11/19 2:57 AM, Greg KH wrote:
> > > On Thu, Oct 10, 2019 at 10:41:50AM -0400, Konstantin Ryabitsev wrote:
> > >> Hi, all:
> > >>
> > >> I would like to propose a new (la
On Mon, Oct 14, 2019 at 12:42:36PM +0200, Toke Høiland-Jørgensen wrote:
> It should be detectable, though, right?
>
> Say you have two independently administered patchwork instances (or even
> better, two different software packages entirely) that both subscribe to
> the mailing lists, and compare
Daniel Axtens writes:
>> It does bring up that any new workflow has to have security protocol
>> and threat model as part of its design.
>
> This is actually something that worries me about the patchwork
> workflow. Maintainers seem to trust the patchwork version of a patch
> without much (or any
Konstantin Ryabitsev wrote:
> On Fri, Oct 11, 2019 at 09:23:08PM +, Eric Wong wrote:
> > > (This is the same reason I generally disagree with Eric Wong about
> > > preserving SMTP as the primary transmission protocol -- I've heard lots of
> > > complaints both from kernel developers and especi
On Mon, Oct 14, 2019 at 04:58:17PM +0200, Dmitry Vyukov wrote:
> As one data point, I cannot send emails with git send-email anymore.
> It used to work, then broke and I don't know how to fix it. Now it says:
>
> 5.7.8 Username and Password not accepted. Learn more at
> 5.7.8 https://support.goog
Hi Konstantin,
On Fri, Oct 11, 2019 at 05:35:53PM -0400, Konstantin Ryabitsev wrote:
> On Fri, Oct 11, 2019 at 09:23:08PM +, Eric Wong wrote:
> >> (This is the same reason I generally disagree with Eric Wong about
> >> preserving SMTP as the primary transmission protocol -- I've heard lots of
Hi Greg,
On Mon, Oct 14, 2019 at 05:17:11PM +0200, Greg KH wrote:
> On Mon, Oct 14, 2019 at 04:58:17PM +0200, Dmitry Vyukov wrote:
> > On Fri, Oct 11, 2019 at 7:20 PM Shuah Khan wrote:
> > > On 10/11/19 2:57 AM, Greg KH wrote:
> > > > On Thu, Oct 10, 2019 at 10:41:50AM -0400, Konstantin Ryabitsev
Hi Dmitry,
On Mon, Oct 14, 2019 at 04:58:17PM +0200, Dmitry Vyukov wrote:
> On Fri, Oct 11, 2019 at 7:20 PM Shuah Khan wrote:
> > On 10/11/19 2:57 AM, Greg KH wrote:
> >> On Thu, Oct 10, 2019 at 10:41:50AM -0400, Konstantin Ryabitsev wrote:
> >>> Hi, all:
> >>>
> >>> I would like to propose a new
On Sat, Oct 12, 2019 at 8:22 AM Stephen Finucane wrote:
>
> On Thu, 2019-09-19 at 11:49 -0500, Bjorn Helgaas wrote:
> > No doubt this is user or installation error, but I haven't a clue. My
> > ~/.pwclientrc:
> >
> > [options]
> > default = linux-pci
> >
> > [linux-pci]
> > url = https://
19 matches
Mail list logo
