On Tue, 6 Sep 2011 18:47:25 -0700, Guenter Roeck wrote: > On Tue, Sep 06, 2011 at 07:16:13PM -0400, Linus Torvalds wrote: > > Guys, when using some general git hosting site, I really want some > > proof that you are you. Not just a "please pull". > > > > Tell me *why* I should believe that this is a real pull request from > > the proper source. Otherwise I'll just wait until kernel.org is back > > to life, where random people can't just create repositories and send > > email. > > sorry, I didn't think that far. You are absolutely right. No idea if and how > I can prove that I am me. Generate a PGP signature ? Can't everyone do that > and subsequently claim to be me ? All I represent (technically) is an account > on kernel.org, which might not even exist anymore. When you created this account on kernel.org, you used a PGP key to identify yourself, didn't you? If you sign your message with that key, then a few people (basically the kernel.org maintainers) will be able to confirm that you are the same person who had a trusted kernel.org account. I don't know if Linus has the list though. What surprises me a little is that I don't have your public key in my keyring, and I can't seem to be able to find it on public servers either. You really should push your key to public key servers, otherwise a signed message from you has no value in general. Obviously it's a little late now though. The whole idea of trust and signatures is to keep the level of trust after odd events such as the kernel.org break-in. For this, keys must have been exchanged, tested and trusted long before said event happens. > (...) > The fixes are not that important and can wait. Please ignore my pull request; > I'll re-send it after kernel.org is up and running again. It's getting long :( I wonder how much more time it will take. -- Jean Delvare _______________________________________________ lm-sensors mailing list lm-sensors@xxxxxxxxxxxxxx http://lists.lm-sensors.org/mailman/listinfo/lm-sensors
