Zack’s Kernel News
Zack’s Kernel News
Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.
Recently, the kernel.org servers were cracked by attackers who were able to gain root-level access. The attackers then inserted trojan horses into the source releases for certain Linux kernel release candidates (-rc releases). This attack caused a lot of work for the kernel. org system administrators and resulted in a number of discussion threads on the linux-kernel mailing list, considering ways to avoid similar security compromises in the future.
In one thread, Junio C Hamano, the Git maintainer, asked the kernel folks if there were any special Git features they wanted, that might increase the security of a Git archive that involved many contributors (e.g., the Linux kernel). He suggested providing the ability to cryptographically sign all pushes, as well as having Git produce more output on certain types of failure modes. Linus Torvalds replied, saying he liked the idea of increased verbosity; but, about cryptographic signatures, he said:
"I realize that cryptographic signatures sound very important right now, but in the end, *real* trust comes from people, not from signatures. Realistically, I checked a few signatures this time around due to the kernel.org issues, but at the same time, the thing that made me trust most of it was just looking at commits and the email messages. The unconscious and non-cryptographic 'signature' of a person acting like you expect a person to act."
"Technical measures can be subverted, and I think we should also think about the social side. Every time somebody mentions a signature,I want to also mention 'human readability', because I think that matters as much, if not more."
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
News
-
Another New Linux Laptop has Arrived
Slimbook has released a monster of a Linux gaming laptop.
-
Mozilla VPN Now Available for Linux
The promised subscription-based VPN service from Mozilla is now available for the Linux platform.
-
Wayland and New App Menu Coming to KDE
The 2021 roadmap for the KDE desktop environment includes some exciting features and improvements.
-
Deepin 20.1 has Arrived
Debian-based Deepin 20.1 has been released with some interesting new features.
-
CloudLinux Commits Over 1 Million Dollars to CentOS Replacement
An open source, drop-in replacement for CentOS is on its way.
-
Linux Mint 20.1 Beta has Been Released
The first beta of Linux Mint, Ulyssa, is now available for downloading.
-
Manjaro Linux 20.2 has Been Unleashed
The latest iteration of Manjaro Linux has been released with a few interesting new features.
-
Patreon Project Looks to Bring Linux to Apple Silicon
Developer Hector Martin has created a patreon page to fund his work on developing a port of Linux for Apple Silicon Macs.
-
A New Chrome OS-Like Ubuntu Remix is Now Available
Ubuntu Web looks to be your Chrome OS alternative.
-
System76 Refreshes the Galago Pro Laptop
Linux hardware maker has revamped one of their most popular laptops.