linux-toradex.git/Documentation/process/maintainer-pgp-guide.rst, branch v5.17 Linux kernel for Apalis and Colibri modules Documentation/process/maintainer-pgp-guide: Replace broken link to PGP path finder 2021-08-24T19:23:21+00:00 SeongJae Park sjpark@amazon.de 2021-08-12T09:50:30+00:00 59c6a716b14ba3092ea685b6274d5233c18cc194 PGP pathfinder[1], which is suggested for finding a trust path to unknown PGP keys by 'maintainer-pgp-guide.rst', is not working now. This commit replaces it with other available tools. [1] https://pgp.cs.uu.nl/ Signed-off-by: SeongJae Park <sjpark@amazon.de> Reviewed-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Link: https://lore.kernel.org/r/20210812095030.4704-2-sj38.park@gmail.com Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
PGP pathfinder[1], which is suggested for finding a trust path to
unknown PGP keys by 'maintainer-pgp-guide.rst', is not working now.
This commit replaces it with other available tools.

[1] https://pgp.cs.uu.nl/

Signed-off-by: SeongJae Park <sjpark@amazon.de>
Reviewed-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210812095030.4704-2-sj38.park@gmail.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Replace HTTP links with HTTPS ones: Documentation/process 2020-06-26T17:19:43+00:00 Alexander A. Klimov grandmaster@al2klimov.de 2020-06-21T13:36:30+00:00 e7b4311ebcac142be28c9fa1b9f63a9d35fc2a92 Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Acked-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com> Link: https://lore.kernel.org/r/20200621133630.46435-1-grandmaster@al2klimov.de Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
          If both the HTTP and HTTPS versions
          return 200 OK and serve the same content:
            Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Acked-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Link: https://lore.kernel.org/r/20200621133630.46435-1-grandmaster@al2klimov.de
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Documentation: PGP: update for newer HW devices 2019-06-26T22:08:03+00:00 Konstantin Ryabitsev konstantin@linuxfoundation.org 2019-06-26T17:49:42+00:00 cca5e0b8a430c888c5de1b5d36b87c085354f2c8 Newer devices like Yubikey 5 and Nitrokey Pro 2 have added support for NISTP's implementation of ECC cryptography, so update the guide accordingly and add a note on when to use nistp256 and when to use ed25519 for generating S keys. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Newer devices like Yubikey 5 and Nitrokey Pro 2 have added support for
NISTP's implementation of ECC cryptography, so update the guide
accordingly and add a note on when to use nistp256 and when to use
ed25519 for generating S keys.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
doc: fix typo in PGP guide 2019-04-30T12:23:20+00:00 Federico Vaga federico.vaga@vaga.pv.it 2019-04-29T21:45:14+00:00 fbf7c7e046ee4e45d18e541335c2177524e4dbd1 Fix typo in the GPG guide for maintainers Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Fix typo in the GPG guide for maintainers

Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Documentation/process: updates to the PGP guide 2018-04-16T20:03:50+00:00 Konstantin Ryabitsev konstantin@linuxfoundation.org 2018-04-12T20:44:10+00:00 1ba2211c525a205caed76adc6a328b423556f6e5 Small tweaks to the Maintainer PGP guide: - Use --quick-addkey command that is compatible between GnuPG-2.2 and GnuPG-2.1 (which many people still have) - Add a note about the Nitrokey program - Warn that some devices can't change the passphrase before there are keys on the card (specifically, Nitrokeys) - Link to the GnuPG wiki page about gpg-agent forwarding over ssh - Tell git to use gpgv2 instead of legacy gpgv when verifying signed tags or commits Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Small tweaks to the Maintainer PGP guide:

 - Use --quick-addkey command that is compatible between GnuPG-2.2 and
   GnuPG-2.1 (which many people still have)
 - Add a note about the Nitrokey program
 - Warn that some devices can't change the passphrase before there are
   keys on the card (specifically, Nitrokeys)
 - Link to the GnuPG wiki page about gpg-agent forwarding over ssh
 - Tell git to use gpgv2 instead of legacy gpgv when verifying signed
   tags or commits

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Documentation/process: tweak pgp maintainer guide 2018-02-06T23:31:56+00:00 Konstantin Ryabitsev konstantin@linuxfoundation.org 2018-02-06T16:51:19+00:00 78ed78451963d1a4282bcda92059fdf2a7821401 Based on the feedback provided: - Uniformly use lowercase k in "Linux kernel" - Give a one-sentence explanation of what subkeys are - Explain what signed commits might be useful for even if upstream developers do not use them for much of anything - Admonish to set up gpg-agent if signed commits are turned on in git config - Fix a typo reported by Luc Van Oostenryck Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Based on the feedback provided:

- Uniformly use lowercase k in "Linux kernel"
- Give a one-sentence explanation of what subkeys are
- Explain what signed commits might be useful for even if upstream
  developers do not use them for much of anything
- Admonish to set up gpg-agent if signed commits are turned on in
  git config
- Fix a typo reported by Luc Van Oostenryck

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Documentation/process: kernel maintainer PGP guide 2018-02-01T17:58:19+00:00 Konstantin Ryabitsev konstantin@linuxfoundation.org 2018-02-01T14:42:33+00:00 b72dde3869fbac36aa95e50fbff4ff006a5125dd This guide is an adapted version of the more general "Protecting Code Integrity" guide written and maintained by The Linux Foundation IT for use with open-source projects. It provides the oft-lacking guidance on the following topics: - how to properly protect one's PGP keys to minimize the risks of them being stolen and used maliciously to impersonate a kernel developer - how to configure Git to properly use GnuPG - when and how to use PGP with Git - how to verify fellow Linux Kernel developer identities I believe this document should live with the rest of the documentation describing proper processes one should follow when participating in kernel development. Placing it in a wiki on some place like kernel.org would be insufficient for a number of reasons -- primarily, because only a relatively small subset of maintainers have accounts on kernel.org, but also because even those who do rarely remember that such wiki exists. Keeping it with the rest of in-kernel docs should hopefully give it more visibility, but also help keep it up-to-date as tools and processes evolve. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
This guide is an adapted version of the more general "Protecting Code
Integrity" guide written and maintained by The Linux Foundation IT for
use with open-source projects. It provides the oft-lacking guidance on
the following topics:

- how to properly protect one's PGP keys to minimize the risks of them
  being stolen and used maliciously to impersonate a kernel developer
- how to configure Git to properly use GnuPG
- when and how to use PGP with Git
- how to verify fellow Linux Kernel developer identities

I believe this document should live with the rest of the documentation
describing proper processes one should follow when participating in
kernel development. Placing it in a wiki on some place like kernel.org
would be insufficient for a number of reasons -- primarily, because only
a relatively small subset of maintainers have accounts on kernel.org,
but also because even those who do rarely remember that such wiki
exists. Keeping it with the rest of in-kernel docs should hopefully give
it more visibility, but also help keep it up-to-date as tools and
processes evolve.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>