
Attestation for kernel patches

Posted Mar 3, 2020 21:16 UTC (Tue) by dkg (subscriber, #55359)
Parent article: Attestation for kernel patches

The proposed mechanism seems surprisingly convoluted for its intended purpose.

It would be simpler to add some sort of --sign-with option to git send-email, and some sort of --require-signature-from option to git am, and use e-mail PGP/MIME (or S/MIME, I don't really care) cryptographic signatures.

Then users could add the appropriate options to their git config and move on with their existing workflow.

One legitimate concern with this counter-proposal is that the "patch metadata" won't be automatically covered by the signature. This has been a long-standing flaw in cryptographic e-mail signatures, but it has a very simple resolution (replicating the relevant e-mail headers inside the cryptographic payload), which is already in use by multiple e-mail clients.
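
The header replication described in the comment above, as an added example that is not part of the original comment or of git: a receiver that trusts patch metadata only when the signed payload carries a matching copy of each header. HMAC-SHA256 stands in for the PGP/MIME or S/MIME signature so the block runs offline; `SignedMail`, `send`, `verify`, `KEY` and the sample mail are hypothetical, constructed names and values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from email import message_from_string

PROTECTED = ("From", "Subject", "Date")  # headers that become commit metadata
KEY = b"constructed-demo-key"            # constructed; stands in for a signing key


@dataclass
class SignedMail:
    headers: dict    # outer e-mail headers, rewritable in transit
    payload: str     # the only part the signature is computed over
    signature: str


def _sign(payload: str) -> str:
    # Assumption: HMAC-SHA256 replaces the real OpenPGP or S/MIME signature.
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()


def send(headers: dict, patch: str, protect: bool) -> SignedMail:
    """Sign a patch mail; with protect=True, copy the headers into the payload."""
    copy = "".join(f"{h}: {headers[h]}\n" for h in PROTECTED) if protect else ""
    payload = copy + "\n" + patch
    return SignedMail(dict(headers), payload, _sign(payload))


def verify(mail: SignedMail) -> list:
    """Return a list of problems; an empty list means the metadata is covered."""
    if not hmac.compare_digest(mail.signature, _sign(mail.payload)):
        return ["bad signature"]
    inner = message_from_string(mail.payload)  # parse the signed header copy
    problems = []
    for h in PROTECTED:
        if inner[h] is None:
            problems.append(f"{h}: not covered by signature")
        elif inner[h] != mail.headers.get(h):
            problems.append(f"{h}: outer header differs from signed copy")
    return problems


# Constructed sample patch mail.
HEADERS = {"From": "Alice Dev <alice@example.org>",
           "Subject": "[PATCH] net: fix refcount leak",
           "Date": "Tue, 03 Mar 2020 21:16:00 +0000"}
PATCH = "Fix the leak.\n---\n a.c | 1 +\n"
```

Without the replicated headers the signature still verifies after an outer header is rewritten, which is why `verify` reports each unprotected header instead of accepting the mail.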

