kernel.org no longer centrally signs submissions
Posted Nov 8, 2011 19:52 UTC (Tue) by giraffedata
In reply to: KS2011: Kernel.org report
Parent article: KS2011: Kernel.org report
Then am I right that the new system wherein developers sign files with their own keys is less valuable than the old one where they were signed by kernel.org automatically? I'm skeptical, but where am I wrong?
With the new system, when I look at a file I know it came from some identifiable individual I don't know anything about. With the old one, I know it came from kernel.org. I know something about kernel.org. I know it's set up (and always has been) to tend not to accept garbage.
to post comments)