Put my current GPG key id on the security web page. Keep maintainers names in alphabetical order here. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> --- content/security/_index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/security/_index.md b/content/security/_index.md index 79349dbb66a6..264de573698f 100644 --- a/content/security/_index.md +++ b/content/security/_index.md @@ -19,4 +19,5 @@ The Security Team can be reached at [security@dpdk.org](mailto:security@dpdk.org For any security report, the message should be encrypted with the following GPG keys: - `F933EB43DF13611F` - *Ferruh Yigit* +- `80A77F6095CDE47E` - *Stephen Hemminger* - `683000CC50B9E390` - *Thomas Monjalon* -- 2.26.2
On 5/20/2020 9:41 PM, Stephen Hemminger wrote:
> Put my current GPG key id on the security web page.
> Keep maintainers names in alphabetical order here.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
> content/security/_index.md | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/content/security/_index.md b/content/security/_index.md
> index 79349dbb66a6..264de573698f 100644
> --- a/content/security/_index.md
> +++ b/content/security/_index.md
> @@ -19,4 +19,5 @@ The Security Team can be reached at [security@dpdk.org](mailto:security@dpdk.org
> For any security report, the message should be encrypted with the following GPG keys:
>
> - `F933EB43DF13611F` - *Ferruh Yigit*
> +- `80A77F6095CDE47E` - *Stephen Hemminger*
> - `683000CC50B9E390` - *Thomas Monjalon*
>
Hi Stephen,
A theoretical question, how can we be sure you are you? (Not a malicious person
sending an email from your email address and trying to add its key to steal all
DPDK security secrets J)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 5/22/2020 9:46 PM, Stephen Hemminger wrote: > On Fri, 22 May 2020 20:37:28 +0100 > Ferruh Yigit <ferruh.yigit@intel.com> wrote: > >> On 5/20/2020 9:41 PM, Stephen Hemminger wrote: >>> Put my current GPG key id on the security web page. >>> Keep maintainers names in alphabetical order here. >>> >>> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> >>> --- >>> content/security/_index.md | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/content/security/_index.md b/content/security/_index.md >>> index 79349dbb66a6..264de573698f 100644 >>> --- a/content/security/_index.md >>> +++ b/content/security/_index.md >>> @@ -19,4 +19,5 @@ The Security Team can be reached at [security@dpdk.org](ma ilto:security@dpdk.org >>> For any security report, the message should be encrypted with the following GPG keys: >>> >>> - `F933EB43DF13611F` - *Ferruh Yigit* >>> +- `80A77F6095CDE47E` - *Stephen Hemminger* >>> - `683000CC50B9E390` - *Thomas Monjalon* >>> >> >> Hi Stephen, >> >> A theoretical question, how can we be sure you are you? (Not a malicious pers on >> sending an email from your email address and trying to add its key to steal a ll >> DPDK security secrets J) > > I could send the patch via signed email, but git send-email doesn't do that by default. > But that would not answer your question which is a web of trust issue. > My key is in the Linux kernel web of trust already, it is rather old > (re-sending, since mail list rejected signature file) For this patch Acked-by: Ferruh Yigit <ferruh.yigit@intel.com> But for the overall trust issue, should we also have a "web of trust" and what needs to be done for it? -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE0jZTh0IuwoTjmYHH+TPrQ98TYR8FAl7qIikACgkQ+TPrQ98T YR++CBAAqPh9kK+v+DJwJR6jwrV8pmpv8qNUF1kOkkrp/hCsr0SF+E8IFupqNMCC 2ULrIKINQLizpTFd7S/iQN72jnobfSsCfLsYW//vN6YL9VTYPTFJQzm+44RDHn0l TDVETGqBnKeI9Vuw12Sicuj+5mHscW2uKOmsv+hB16jB0FoZsaaXpfYJMDfCpjr1 O4h1b2zQ7SrqdHd40HsiDkxO6qhypdm9L8NjOBxiewOYDGNCrdzCMPn+jqW/rfrr jh+EDEEVlEWFOQHbOoRVX8cuXk84dL/W3C6/UlttSVN8nDqqFOolT30Fhmj1DT6W SamBYjmHyH+ujIxe2w2+8O0+HeDQGj9/XRfZbVmPQP9/UOQGuzjHfA+kTTCKyz47 kS8/g7a4cmfQ6sU69ib5Ht7BjfCDFyA09v/prgLCd4Y56Mlqi6zWBMmAjHC+eTlv 3bXY9paMvGYNjKZ1jsA/hJMQwRkB/s9q8FnUcWfl3dZwcGPdtey0ucflKixibTHn VouLGErbdjK6Xz1Ab8lmZQUY2E5nc3tlKPVU3aNMQKDa7X5TkmgoOkO7jwSE5a2b DRdL05ga9mcepqOz8bYzKitEh8md00MIzfjG4pTZLMELLn4mie9VYJWnDdXN7lB0 C9iPNUweoWnrFdZNBbOeM9iFaus+uShThYKunDpuy1XIZ5qCy9w= =udDF -----END PGP SIGNATURE-----
On Wed, 2020-06-17 at 15:01 +0100, Ferruh Yigit wrote: > On 5/22/2020 9:46 PM, Stephen Hemminger wrote: > > On Fri, 22 May 2020 20:37:28 +0100 > > Ferruh Yigit <ferruh.yigit@intel.com> wrote: > > > > > On 5/20/2020 9:41 PM, Stephen Hemminger wrote: > > > > Put my current GPG key id on the security web page. > > > > Keep maintainers names in alphabetical order here. > > > > > > > > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> > > > > --- > > > > content/security/_index.md | 1 + > > > > 1 file changed, 1 insertion(+) > > > > > > > > diff --git a/content/security/_index.md b/content/security/_index.md > > > > index 79349dbb66a6..264de573698f 100644 > > > > --- a/content/security/_index.md > > > > +++ b/content/security/_index.md > > > > @@ -19,4 +19,5 @@ The Security Team can be reached at [security@dpdk.org](ma > ilto:security@dpdk.org > > > > For any security report, the message should be encrypted with the following > GPG keys: > > > > - `F933EB43DF13611F` - *Ferruh Yigit* > > > > +- `80A77F6095CDE47E` - *Stephen Hemminger* > > > > - `683000CC50B9E390` - *Thomas Monjalon* > > > > > > > > > > Hi Stephen, > > > > > > A theoretical question, how can we be sure you are you? (Not a malicious pers > on > > > sending an email from your email address and trying to add its key to steal a > ll > > > DPDK security secrets J) > > > > I could send the patch via signed email, but git send-email doesn't do that by > default. > > But that would not answer your question which is a web of trust issue. > > My key is in the Linux kernel web of trust already, it is rather old > > > > (re-sending, since mail list rejected signature file) > > For this patch > Acked-by: Ferruh Yigit <ferruh.yigit@intel.com> > > > But for the overall trust issue, should we also have a "web of trust" and what > needs to be done for it? We can check by uploading to https://keys.openpgp.org/about which checks that you own the email address before allowing the key to be added -- Kind regards, Luca Boccassi
20/05/2020 22:41, Stephen Hemminger:
> Put my current GPG key id on the security web page.
> Keep maintainers names in alphabetical order here.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
> - `F933EB43DF13611F` - *Ferruh Yigit*
> +- `80A77F6095CDE47E` - *Stephen Hemminger*
> - `683000CC50B9E390` - *Thomas Monjalon*
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Applied