From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3D57EA04A5 for ; Wed, 17 Jun 2020 18:25:52 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EC65A1252; Wed, 17 Jun 2020 18:25:51 +0200 (CEST) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by dpdk.org (Postfix) with ESMTP id 094A01023 for ; Wed, 17 Jun 2020 18:25:51 +0200 (CEST) Received: by mail-wm1-f67.google.com with SMTP id g10so2446258wmh.4 for ; Wed, 17 Jun 2020 09:25:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:content-transfer-encoding:user-agent:mime-version; bh=m3MwALt7JVA3sMKUIgE4V/tfNwytBS2+zlsv2xls5A0=; b=WcvfkF61iux/DqLWC4FUWtL3OhtKuz0WktEHxjPkLY9vLF4A9QKx8WDCLYijUrqP87 fn0ix7GmqDGPKjC4HKihSVkFJlbDxuNvNES9Pm9Fh7SLVF9lUB1RjPqXmlMuAxZaF5YC KEC/4ssB4jU434YZffq+XXpMpJ9Yvj5yznELTpHwgThS/anwVPfTLH2X+c31cM+E5wy7 dWFHIifTi8vZCmRqIkSbq1q6ipfMHGw2hm4Boi2Wsviu2wYiTUilXam7WtdH3haOgpq5 2YJJQenFwnxYQO5BF/MAZXEqDvwLP0WUiG+t8lXOed7EpnnHNq4ThHcPililCaKrs0vd IZcw== X-Gm-Message-State: AOAM530FjAxGlN7zMcYra2ImchCloXh49Q+3M3vU1yacdx90GhpBKnnw 5yx665R2KM37FQtMuuZSLq8= X-Google-Smtp-Source: ABdhPJzQUC5ovxasPK4Zv+LVYySgLlC9CcCXUoEEqzmZvidbGntEKvL/KJuXpdLEG7HyQ5/CbuxQXA== X-Received: by 2002:a1c:4302:: with SMTP id q2mr9396842wma.54.1592411150636; Wed, 17 Jun 2020 09:25:50 -0700 (PDT) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id v19sm263447wml.26.2020.06.17.09.25.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Jun 2020 09:25:49 -0700 (PDT) Message-ID: <40e1679fa61043764dfa8fe4715282b1305e91e1.camel@debian.org> From: Luca Boccassi To: Ferruh Yigit , Stephen Hemminger Cc: web@dpdk.org Date: Wed, 17 Jun 2020 17:25:48 +0100 In-Reply-To: <86a9d2d2-156e-d6ea-4a00-ccbb7d71b3da@intel.com> References: <20200520204136.29982-1-stephen@networkplumber.org> <9e609142-f3e0-328f-f6bf-c8d506d29b3c@intel.com> <20200522134615.1dae119b@hermes.lan> <86a9d2d2-156e-d6ea-4a00-ccbb7d71b3da@intel.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.30.5-1.1 MIME-Version: 1.0 Subject: Re: [dpdk-web] [PATCH] add my gpg key id X-BeenThere: web@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK website maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: web-bounces@dpdk.org Sender: "web" On Wed, 2020-06-17 at 15:01 +0100, Ferruh Yigit wrote: > On 5/22/2020 9:46 PM, Stephen Hemminger wrote: > > On Fri, 22 May 2020 20:37:28 +0100 > > Ferruh Yigit wrote: > >=20 > > > On 5/20/2020 9:41 PM, Stephen Hemminger wrote: > > > > Put my current GPG key id on the security web page. > > > > Keep maintainers names in alphabetical order here. > > > >=20 > > > > Signed-off-by: Stephen Hemminger > > > > --- > > > > content/security/_index.md | 1 + > > > > 1 file changed, 1 insertion(+) > > > >=20 > > > > diff --git a/content/security/_index.md b/content/security/_index.m= d > > > > index 79349dbb66a6..264de573698f 100644 > > > > --- a/content/security/_index.md > > > > +++ b/content/security/_index.md > > > > @@ -19,4 +19,5 @@ The Security Team can be reached at [security@dpd= k.org](ma > ilto:security@dpdk.org > > > > For any security report, the message should be encrypted with the = following > GPG keys: > > > > - `F933EB43DF13611F` - *Ferruh Yigit* > > > > +- `80A77F6095CDE47E` - *Stephen Hemminger* > > > > - `683000CC50B9E390` - *Thomas Monjalon* > > > >=20 > > >=20 > > > Hi Stephen, > > >=20 > > > A theoretical question, how can we be sure you are you? (Not a malici= ous pers > on > > > sending an email from your email address and trying to add its key to= steal a > ll > > > DPDK security secrets J) > >=20 > > I could send the patch via signed email, but git send-email doesn't do = that by > default. > > But that would not answer your question which is a web of trust issue. > > My key is in the Linux kernel web of trust already, it is rather old > >=20 >=20 > (re-sending, since mail list rejected signature file) >=20 > For this patch > Acked-by: Ferruh Yigit >=20 >=20 > But for the overall trust issue, should we also have a "web of trust" and= what > needs to be done for it? We can check by uploading to https://keys.openpgp.org/about which checks that you own the email address before allowing the key to be added --=20 Kind regards, Luca Boccassi