* [gentoo-user] OT: latest longterm kernel.org patches are unsigned
@ 2018-08-17 16:07 Ian Zimmerman
2018-08-19 20:01 ` Nils Freydank
2018-08-20 21:33 ` james
0 siblings, 2 replies; 4+ messages in thread
From: Ian Zimmerman @ 2018-08-17 16:07 UTC (permalink / raw
To: gentoo-user
If you browse this URL:
https://cdn.kernel.org/pub/linux/kernel/v4.x/
you'll see that for each 4.14 patch up to 4.14.58 there is a
cooresponding GPG signature file:
patch-4.14.58.sign 25-Jul-2018 09:28 833
patch-4.14.58.xz 25-Jul-2018 09:28 1M
etc.
But starting with 4.14.59, there are no .sign files. Why? Is this a
bug, and if so, where do I report it?
This breaks my lovingly duct-taped kernel update infrastructure ...
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] OT: latest longterm kernel.org patches are unsigned
2018-08-17 16:07 [gentoo-user] OT: latest longterm kernel.org patches are unsigned Ian Zimmerman
@ 2018-08-19 20:01 ` Nils Freydank
2018-08-20 21:33 ` james
1 sibling, 0 replies; 4+ messages in thread
From: Nils Freydank @ 2018-08-19 20:01 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1390 bytes --]
Hi,
kernel.org won’t provide the signatures anymore. I was politely pointed
to the following site via IRC but got no reason for it.
https://www.kernel.org/category/site-news.html
--- Quote ---
No future PGP signatures on patches and changelogs
For legacy purposes, we will continue to provide pre-generated changelogs and
patches (both to the previous mainline and incremental patches to previous
stable). However, from now on they will be generated by automated processes
and will no longer carry detached PGP signatures. If you require
cryptographically verified patches, please generate them directly from the
stable git repository after verifying the PGP signatures on the tags using git
verify-tag.
--- EOQ ---
Am Freitag, 17. August 2018, 18:07:13 CEST schrieb Ian Zimmerman:
> If you browse this URL:
>
> https://cdn.kernel.org/pub/linux/kernel/v4.x/
>
> you'll see that for each 4.14 patch up to 4.14.58 there is a
> cooresponding GPG signature file:
>
> patch-4.14.58.sign 25-Jul-2018 09:28 833
> patch-4.14.58.xz 25-Jul-2018 09:28 1M
>
> etc.
>
> But starting with 4.14.59, there are no .sign files. Why? Is this a
> bug, and if so, where do I report it?
>
> This breaks my lovingly duct-taped kernel update infrastructure ...
--
GPG fingerprint: '00EF D31F 1B60 D5DB ADB8 31C1 C0EC E696 0E54 475B'
Nils Freydank
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] OT: latest longterm kernel.org patches are unsigned
2018-08-17 16:07 [gentoo-user] OT: latest longterm kernel.org patches are unsigned Ian Zimmerman
2018-08-19 20:01 ` Nils Freydank
@ 2018-08-20 21:33 ` james
2018-08-21 3:22 ` J. Roeleveld
1 sibling, 1 reply; 4+ messages in thread
From: james @ 2018-08-20 21:33 UTC (permalink / raw
To: gentoo-user
On 8/17/18 12:07 PM, Ian Zimmerman wrote:
> If you browse this URL:
>
> https://cdn.kernel.org/pub/linux/kernel/v4.x/
>
> you'll see that for each 4.14 patch up to 4.14.58 there is a
> cooresponding GPG signature file:
>
> patch-4.14.58.sign 25-Jul-2018 09:28 833
> patch-4.14.58.xz 25-Jul-2018 09:28 1M
>
> etc.
>
> But starting with 4.14.59, there are no .sign files. Why? Is this a
> bug, and if so, where do I report it?
>
> This breaks my lovingly duct-taped kernel update infrastructure ...
>
Ian,
Not sure this is related to your problem but it's an interesting read
about (intel) microcodes and current blocks being enforced by Gentoo,
clandestinely?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158
https://bugs.gentoo.org/664134
Apologies if I research is fragmented or flawed...
hth,
James
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] OT: latest longterm kernel.org patches are unsigned
2018-08-20 21:33 ` james
@ 2018-08-21 3:22 ` J. Roeleveld
0 siblings, 0 replies; 4+ messages in thread
From: J. Roeleveld @ 2018-08-21 3:22 UTC (permalink / raw
To: gentoo-user
On August 20, 2018 9:33:03 PM UTC, james <garftd@verizon.net> wrote:
>On 8/17/18 12:07 PM, Ian Zimmerman wrote:
>> If you browse this URL:
>>
>> https://cdn.kernel.org/pub/linux/kernel/v4.x/
>>
>> you'll see that for each 4.14 patch up to 4.14.58 there is a
>> cooresponding GPG signature file:
>>
>> patch-4.14.58.sign 25-Jul-2018 09:28 833
>> patch-4.14.58.xz 25-Jul-2018 09:28 1M
>>
>> etc.
>>
>> But starting with 4.14.59, there are no .sign files. Why? Is this a
>> bug, and if so, where do I report it?
>>
>> This breaks my lovingly duct-taped kernel update infrastructure ...
>>
>
>Ian,
>
>Not sure this is related to your problem but it's an interesting read
>about (intel) microcodes and current blocks being enforced by Gentoo,
>clandestinely?
>
>
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158
>
>https://bugs.gentoo.org/664134
>
>
>Apologies if I research is fragmented or flawed...
>
>hth,
>James
Interesting read.
Can't update the bug at the moment, but downloading the microcode file worked and I didn't see any license agreement.
--
Joost
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-08-21 3:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-08-17 16:07 [gentoo-user] OT: latest longterm kernel.org patches are unsigned Ian Zimmerman
2018-08-19 20:01 ` Nils Freydank
2018-08-20 21:33 ` james
2018-08-21 3:22 ` J. Roeleveld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox