[GIT PULL] tomoyo fixes for 5.5
torvalds at linux-foundation.org
Mon Dec 30 20:14:59 UTC 2019
On Mon, Dec 30, 2019 at 3:32 AM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
> This is my first time for sending pull requests. It seems that most people
> create a tag signed with GPG key but a few people send pull requests on
> master branch without signing with GPG key. Did I follow necessary steps?
I do require the gpg signed tag for non-kernel.org pull requests like this.
I trust the security at kernel.org - it requires 2FA and a gpg key
just to even push to a git repo there at all - but even there I
_prefer_ tags. But outside of kernel.org I absolutely do want to see a
signed tag for a pull request, not just a master branch.
Side note: I don't actually require the pgp key to be something I have
a direct path to, and if you can't get big set of signatures on yours,
that's fine for initial pull requests. The key ends up still being a
kind of identity, and we can work on getting the proper web of trust
built up over time.
More information about the Linux-security-module-archive