On Mon, 05 Sep 2011, Mauro Carvalho Chehab wrote:
> It would be great if "git remote update" could also verify the tag
> signature (if present), as most of us just do a "git remote update".

That helps, and it really should be all that matters for a power end-user that just wants to build his kernel from a git tree.

However, one can still try to trick someone into basing the tree he's going to use for a future pull request on a tree with a rogue commit, in order to try to get the rogue commit into mainline through an indirect path, for example.

Yeah, it is very obvious, and not a real major point of concern around LKML: we all check the diff, log or shortlog between the tree we're offering upstream to pull from and the current upstream tree for any stray commits after all (if only to avoid embarrassing mistakes). And upstream does his/her own checks before keeping the merged tree, and so forth.

It's just that the security of the kernel source trees is not a simple consequence of how git works: the workflow matters. I feel that point deserves to be stressed every once in a while, however obvious it might be.

-- 
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
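The pre-pull-request check the message describes, written out as an added example that is not part of the thread: verify the signature if the candidate ref is an annotated tag, then show the shortlog and diffstat of everything the candidate carries that upstream does not, so a stray commit stands out. The function names and the throwaway repository (one upstream commit, one intended fix and one unreviewed commit on a `for-linus` branch) are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a tree before offering it upstream for a pull.
set -eu

# Number of commits reachable from $2 but not from $1, i.e. what upstream would pull.
stray_commit_count() {
    git rev-list --count "$1..$2"
}

# What a maintainer eyeballs before sending the pull request:
# tag signature (when the candidate is an annotated tag), shortlog, diffstat.
audit_candidate() {
    upstream=$1
    candidate=$2
    # Only annotated tags can carry a signature; refuse an unverifiable one.
    if git cat-file -e "$candidate^{tag}" 2>/dev/null; then
        git verify-tag "$candidate" || return 1
    fi
    echo "== commits in $candidate not in $upstream =="
    git shortlog "$upstream..$candidate"
    echo "== diffstat against merge base =="
    git diff --stat "$upstream...$candidate"
}

# Constructed throwaway repository for the demo (not a real tree):
# 'upstream' has the base commit; 'for-linus' adds an intended fix plus
# one commit that was never reviewed.
demo_repo() {
    dir=$(mktemp -d)
    cd "$dir"
    git init -q
    git config user.name "Example Maintainer"
    git config user.email "maintainer@example.invalid"
    echo base > file.c && git add file.c && git commit -q -m "base: initial import"
    git branch -q upstream
    git checkout -q -b for-linus
    echo fix >> file.c && git commit -q -am "file: intended fix"
    echo rogue > rogue.c && git add rogue.c && git commit -q -m "rogue: never reviewed"
}

# Stand-alone usage: build the demo repo and run the audit on it.
if [ "${1:-}" = "demo" ]; then
    demo_repo
    audit_candidate upstream for-linus
    echo "stray commits: $(stray_commit_count upstream for-linus)"
fi
```

Run it with `sh audit.sh demo` to see both commits listed; in a real tree point it at the upstream ref and the tag or branch you are about to ask upstream to pull.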