
Pwning?

Posted Oct 21, 2024 23:32 UTC (Mon) by welinder (guest, #4699)
Parent article: A new kernel testing tree

"Instead, pull requests are monitored and grabbed directly from the mailing list."

So we're one spoofed email away from running arbitrary code on the CI server? (Which is probably a throw-away VM but still.)



Pwning?

Posted Oct 22, 2024 7:03 UTC (Tue) by geert (subscriber, #98403)

Pull requests (are supposed to) use signed git tags.

Pwning?

Posted Oct 22, 2024 16:54 UTC (Tue) by xtifr (guest, #143)

So is the criterion "has a public key" or "is linked to web of trust"? Those are very different things! And either one could be a minimum for "provide a signed git tag".

Pwning?

Posted Oct 22, 2024 19:25 UTC (Tue) by geert (subscriber, #98403)

As the original article is about the Linux kernel, I expect PRs must be signed with one of the keys in the Kernel developer PGP keyring.
https://korg.docs.kernel.org/pgpkeys.html
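
The difference raised in this thread between "some key verified the tag" and "a key from a trusted keyring signed it" can be checked mechanically. The sketch below is an added example, not code from the commenters or from the kernel's CI; the function names, the one-fingerprint-per-line allowlist file, and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): accept a pull-request tag only if
# gpg reports a valid signature AND the signer's primary-key fingerprint is on
# a pinned allowlist, so "some key in the keyring verified it" is not enough.

# Constructed sample of gpg status lines as printed by `git verify-tag --raw`.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Constructed Dev <dev@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-10-21 1729500000 0 4 0 22 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# signer_fpr STATUS_TEXT
# Prints the primary-key fingerprint (last VALIDSIG field) of a valid
# signature. Returns 1 if there is no VALIDSIG line or if gpg flagged the
# signature or key as bad, unverifiable, expired or revoked.
signer_fpr() {
    printf '%s\n' "$1" | awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = $NF }
        $1 == "[GNUPG:]" && $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { if (fpr == "" || bad) exit 1; print fpr }'
}

# tag_signer_allowed STATUS_TEXT ALLOWLIST_FILE
# Succeeds only when the signer's primary fingerprint matches a whole line of
# the allowlist (case-insensitive; lines starting with # are comments).
tag_signer_allowed() {
    fpr=$(signer_fpr "$1") || return 1
    grep -v '^#' "$2" | grep -qixF "$fpr"
}

# verify_pr_tag TAG ALLOWLIST_FILE   (run inside the fetched repository)
# git writes the raw gpg status to stderr; capture it and apply the allowlist.
verify_pr_tag() {
    status=$(git verify-tag --raw "$1" 2>&1 >/dev/null) || return 1
    tag_signer_allowed "$status" "$2"
}
```

Inside a repository, `verify_pr_tag <tag> <allowlist-file>` applies the same check to a real tag. Setting `GNUPGHOME` to a directory that holds only the trusted keyring narrows what gpg can verify against in the first place.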


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds