On 22 Apr 2022 at 04:28, Dave Chinner wrote: > Hi Chandan, > > On Mon, Apr 18, 2022 at 10:24:25AM +0530, Chandan Babu R wrote: >> Hi Dave, >> >> The following changes since commit ce522ba9ef7e2d9fb22a39eb3371c0c64e2a433e: >> >> Linux 5.18-rc2 (2022-04-10 14:21:36 -1000) >> >> are available in the Git repository at: >> >> https://github.com/chandanr/linux.git tags/large-extent-counters-v9 > > I've pulled this down and it seems fine, but there's problem I can't > solve directly: the tag isn't signed so I can't tell if the tree > I've pulled is unmolested. > > If you were asking me to pull from git.kernel.org, that wouldn't be > a problem. But I don't trust github to be safe - forget about > hackers, github's owners have demonstrated they will modify > repositories directly if it is convenient for them to do so. i.e. > they have overwritten hosted trees without the author's and/or > copyright owner's consent and locked out the owner(s) of the code > from ever being able to update their tree again. > > As such, I don't consider github to be a trustworthy source, and so > if you are going to use it for pull requests I need the tag to be > signed with you gpg key so that I can verify the commits I'm pulling > match the ones you pushed to the hosting site. > > Can you post on #xfs or DM on oftc the last five commits (--one-line > format is fine) from your local branch that you pushed to github so > that I have an OOB confirmation that the commit IDs I've pulled > match your original commits? Hi Dave, I have sent the details of the last five commits via DM on OFTC. Please let me know if you haven't received it. -- chandan
