[GTALUG] why I like shared libraries -- no longer a popular position
Dhaval Giani
dhaval.giani at gmail.com
Sat Sep 23 09:28:45 EDT 2023
>
> The linux kernel requires that code contributors be registered. I
> think that contibutions must be cryptographically signed, but I'm not
> sure. This helps but isn't air-tight.
>
This is news to me. No, there is no registration to work on the kernel.
There us no single authority who you could register with. I believe i know
what your misunderstanding is. after the 2012 breach, Linus prefers your
tags be signed (i recall there are still a few straggler maintainers out
there). This doesn’t affect the average contributor because they don’t send
pull requests to Linus. Now because we wanted signed tags and key
distribution is a fun problem, one needed to get their keys signed. The
protocol was - I know this person and have verified their identity, so i
will sign their key. One of the things we did was check each others
government issued ids. Of course we are no experts in spotting fake ids so
that is a risk factor considered. But for most part we signed each others
keys and “verified” their identity and I think you misremembered it as
registering.
Dhaval
>
> I don't see that static linking would help with this problem.
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20230923/978f1bc9/attachment.html>
More information about the talk
mailing list