
A review of the kernel's release-signing practices

At the behest of the Linux Foundation, a security-oriented review of the kernel project's release-signing and key-management practices has been carried out; the resulting report has now been published.

This review resulted in seven recommendations that can help improve the robustness of the security and use of the signing keys for the Linux Kernel. Additionally, Trail of Bits suggested that more comprehensive and up-to-date documentation on the current procedures and policies is needed to help organizations around the world to best understand the current stratagem.

See the full report for the details.



A review of the kernel's release-signing practices

Posted Jun 24, 2021 2:27 UTC (Thu) by ncm (guest, #165) [Link]

Trail of Bits is a remarkable concentration of very smart people in New York City.


Copyright © 2021, Eklektix, Inc.