
Maintaining the Kernel's Web of Trust - chmaynard
https://lwn.net/SubscriberLink/798230/7f1ea6a77c0c1201/
======
pmoriarty
From the comment thread in that article:

 _"I have considered running a non-connected SKS instance, but at this point
in time everyone seems to consider SKS as pretty much dead -- it's not
maintained and nobody is willing to step up or so much as touch it due to any
number of reasons (largely, because OCaml is just too esoteric)."_

I wonder if they've tried reaching out to the OCaml community. I'd be
surprised if there weren't people in it that would be happy to step up to
help, were they aware of the need and its importance to Linux kernel
development.

They could also try actually paying someone to maintain it. As the article
notes, the Linux kernel development ecosystem is no longer staffed fully by
volunteers. There's a lot of corporate money in it now, including big
contributions from the likes of IBM and Red Hat. They could certainly afford to
hire someone to take on this responsibility, if it was deemed necessary.

~~~
watt
Here's discussion from the time it was mentioned previously:
[https://news.ycombinator.com/item?id=20312826](https://news.ycombinator.com/item?id=20312826)

------
neilv
> _But, to avoid signature attacks, only signatures made with other keys
> stored in the repository are retained; that is sufficient to build the web
> of trust while eliminating the results of any signature spamming that might
> have taken place._

I didn't understand how this _alone_ is sufficient to prevent signature
spamming, once a single compromised or bad-actor signature is in the repo.

[https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/tree/...](https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/tree/README.rst)
suggests a slightly different process, which currently seems to require manual
importing of individual signatures into one's keyring.

And the automated updating of the user's keyring is only of such manually-imported
signatures. (And the commit from which the updates are taken must be signed by
a key that was signed directly by the key of Torvalds or the user.)
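
Added illustration (not part of the thread, and not the kernel.org tooling itself): a small Python model of the filter quoted from the article, which keeps only certifications issued by keys stored in the repository and then walks the resulting web of trust from a root key. The key names, the 5000-signature flood and the one-certification-per-issuer rule are constructed assumptions.

```python
from collections import deque


def strip_foreign_sigs(keys):
    """keys maps key id -> list of issuer key ids that certified it.

    Keep only issuers that are themselves stored in the repository.
    Repeated certifications from one issuer are collapsed and
    self-signatures are ignored (both are assumptions of this model).
    """
    repo = set(keys)
    return {kid: sorted({i for i in issuers if i in repo and i != kid})
            for kid, issuers in keys.items()}


def trust_depth(keys, root):
    """Breadth-first walk from root along retained certifications.

    Returns {key id: number of certification hops from root}.
    """
    certified_by = {}  # issuer -> keys that issuer certified
    for kid, issuers in keys.items():
        for issuer in issuers:
            certified_by.setdefault(issuer, []).append(kid)
    depth = {root: 0}
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in certified_by.get(cur, []):
            if nxt not in depth:
                depth[nxt] = depth[cur] + 1
                queue.append(nxt)
    return depth


# Constructed sample: five keys stored in the repository. BOB's key comes
# back from a keyserver carrying 5000 certifications from unknown keys.
REPO = {
    "ROOT": [],
    "ALICE": ["ROOT"],
    "BOB": ["ALICE", "ALICE"] + [f"SPAM{n:04d}" for n in range(5000)],
    "MALLORY": ["BOB"],  # a stored key whose owner later misbehaves
    "CAROL": ["MALLORY", "SPAM0001"],
}

if __name__ == "__main__":
    cleaned = strip_foreign_sigs(REPO)
    print({k: len(v) for k, v in cleaned.items()})
    print(trust_depth(cleaned, "ROOT"))
```

In this model no key can carry more certifications than there are other keys in the repository, however many signatures are thrown at it. The filter does not judge whether a stored signer is honest, so CAROL stays reachable through MALLORY.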

------
cwyers
It sounds like the web of trust is an incredibly difficult problem to solve,
and also not a problem that the kernel needs to solve. Why do the kernel
developers need a decentralized way to verify signing keys?

~~~
bonzini
They don't, that's why they're just putting the keys in a git repo.

------
carapace
Just a friendly reminder: this is all moot due to ME and ilk.

[https://en.wikipedia.org/wiki/Intel_Management_Engine](https://en.wikipedia.org/wiki/Intel_Management_Engine)

[https://en.wikipedia.org/wiki/AMD_Secure_Technology](https://en.wikipedia.org/wiki/AMD_Secure_Technology)

~~~
acdha
This is not relevant to this discussion: it's like someone announced that they
were buying better locks for their house and you're going “this is all moot
because someone could just pull the roof off”.

~~~
carapace
More like the discussion isn't relevant to reality.

The house is constantly being renovated and repaired, including the locks,
doors, hinges, and every knob and button, by a lot of people, some of whom are
even actual contractors, and now a few of those have ID badges.

Meanwhile, in Ecuador... (massive database leak ~20M people's data). That's
just this morning.

