Thanks; that's exactly what I was thinking. The great advantage of a digital signature is that it gives you a basis for trusting something regardless of how it got to you. If I found a kernel by the side of the road, I'd say, "Hell yes, I'll put that on my server. I can see that kernel.org blessed this particular arrangement of bits at some point." But it would be ridiculous to say, "This looks OK. Somebody signed it."
The developer signature appears to serve an entirely different purpose from the kernel.org automatic signature (I suppose it is what tells kernel.org, which does know all the individuals, it's OK to take the code), but the article makes it sound like it is a replacement of -- and improvement on -- it.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds