Commit Graph

7 Commits

Author SHA1 Message Date
SeongJae Park 59c6a716b1 Documentation/process/maintainer-pgp-guide: Replace broken link to PGP path finder
PGP pathfinder[1], which is suggested for finding a trust path to
unknown PGP keys by 'maintainer-pgp-guide.rst', is not working now.
This commit replaces it with other available tools.

[1] https://pgp.cs.uu.nl/

Signed-off-by: SeongJae Park <sjpark@amazon.de>
Reviewed-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210812095030.4704-2-sj38.park@gmail.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2021-08-24 13:23:21 -06:00
Alexander A. Klimov e7b4311ebc Replace HTTP links with HTTPS ones: Documentation/process
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
          If both the HTTP and HTTPS versions
          return 200 OK and serve the same content:
            Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Acked-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Link: https://lore.kernel.org/r/20200621133630.46435-1-grandmaster@al2klimov.de
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2020-06-26 11:19:43 -06:00
Konstantin Ryabitsev cca5e0b8a4 Documentation: PGP: update for newer HW devices
Newer devices like Yubikey 5 and Nitrokey Pro 2 have added support for
NISTP's implementation of ECC cryptography, so update the guide
accordingly and add a note on when to use nistp256 and when to use
ed25519 for generating S keys.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2019-06-26 16:08:03 -06:00
Federico Vaga fbf7c7e046 doc: fix typo in PGP guide
Fix typo in the GPG guide for maintainers

Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2019-04-30 06:23:20 -06:00
Konstantin Ryabitsev 1ba2211c52 Documentation/process: updates to the PGP guide
Small tweaks to the Maintainer PGP guide:

 - Use --quick-addkey command that is compatible between GnuPG-2.2 and
   GnuPG-2.1 (which many people still have)
 - Add a note about the Nitrokey program
 - Warn that some devices can't change the passphrase before there are
   keys on the card (specifically, Nitrokeys)
 - Link to the GnuPG wiki page about gpg-agent forwarding over ssh
 - Tell git to use gpgv2 instead of legacy gpgv when verifying signed
   tags or commits

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2018-04-16 14:03:50 -06:00
Konstantin Ryabitsev 78ed784519 Documentation/process: tweak pgp maintainer guide
Based on the feedback provided:

- Uniformly use lowercase k in "Linux kernel"
- Give a one-sentence explanation of what subkeys are
- Explain what signed commits might be useful for even if upstream
  developers do not use them for much of anything
- Admonish to set up gpg-agent if signed commits are turned on in
  git config
- Fix a typo reported by Luc Van Oostenryck

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2018-02-06 16:31:56 -07:00
Konstantin Ryabitsev b72dde3869 Documentation/process: kernel maintainer PGP guide
This guide is an adapted version of the more general "Protecting Code
Integrity" guide written and maintained by The Linux Foundation IT for
use with open-source projects. It provides the oft-lacking guidance on
the following topics:

- how to properly protect one's PGP keys to minimize the risks of them
  being stolen and used maliciously to impersonate a kernel developer
- how to configure Git to properly use GnuPG
- when and how to use PGP with Git
- how to verify fellow Linux Kernel developer identities

I believe this document should live with the rest of the documentation
describing proper processes one should follow when participating in
kernel development. Placing it in a wiki on some place like kernel.org
would be insufficient for a number of reasons -- primarily, because only
a relatively small subset of maintainers have accounts on kernel.org,
but also because even those who do rarely remember that such wiki
exists. Keeping it with the rest of in-kernel docs should hopefully give
it more visibility, but also help keep it up-to-date as tools and
processes evolve.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2018-02-01 10:58:19 -07:00