[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes
From: |
Michael S. Tsirkin |
Subject: |
Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes |
Date: |
Tue, 11 Mar 2014 13:49:15 +0200 |
On Tue, Mar 11, 2014 at 11:32:41AM +0000, Peter Maydell wrote:
> On 11 March 2014 11:22, Michael S. Tsirkin <address@hidden> wrote:
> > BTW I still see these warnings in the logs:
> > # gpg: WARNING: This key is not certified with a trusted signature!
> > # gpg: There is no indication that the signature belongs to
> > # the
> >
> > These seem counter-productive: people get used
> > to ignoring the warnings.
> > A bunch of people verified my key at the latest KVM forum
> > so how about importing keys from contributors
> > and denying pulls where keys don't match?
>
> That won't help with removing the warning. What gpg
> is saying here is "I found this key in the keyring,
> and the signature checks out, but there's no chain
> of trust between the person who applied the pull
> and that key". That is, I haven't signed your key.
Okay ... would you like to sign it?
Didn't you go to the key signing party at the forum?
If yes you have all the data :)
> The other kind of warning is:
> # gpg: Signature made Sat 08 Mar 2014 21:26:01 GMT using RSA key ID
> 5872D723
> # gpg: Can't check signature: public key not found
>
> which means "I didn't find the gpg key in the keyring".
>
> Genuinely mismatching signatures would be a gpg
> error rather than a mere warning, I think.
>
> Since we're still accepting unsigned pullrequests
> I don't think this matters too much. In either case
> if somebody really cares later they can attempt to
> establish a chain of trust between themselves and the
> submitter after the fact, I guess.
But the commit log will include the warning forever I think?
> Personally I think the next step we should take would
> be to get all the people currently submitting unsigned
> pull requests to move over to signing them.
>
> thanks
> -- PMM
I think this was agreed on the forum so you
can start enforcing this straight away if you wish :)
--
MST
- [Qemu-devel] [PULL v3 11/14] acpi-test: issue errors instead of warnings when possible, (continued)
- [Qemu-devel] [PULL v3 11/14] acpi-test: issue errors instead of warnings when possible, Michael S. Tsirkin, 2014/03/09
- [Qemu-devel] [PULL v3 12/14] pam: partly fix write-only mode, Michael S. Tsirkin, 2014/03/09
- [Qemu-devel] [PULL v3 13/14] pckbd: return 'keyboard enabled' on read input port command, Michael S. Tsirkin, 2014/03/09
- [Qemu-devel] [PULL v3 14/14] qemu: x86: ignore ioapic polarity, Michael S. Tsirkin, 2014/03/09
- [Qemu-devel] [PULL v3 07/14] Add 'debug-threads' suboption to --name, Michael S. Tsirkin, 2014/03/09
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Peter Maydell, 2014/03/10
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Michael S. Tsirkin, 2014/03/10
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Peter Maydell, 2014/03/11
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Michael S. Tsirkin, 2014/03/11
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Peter Maydell, 2014/03/11
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes,
Michael S. Tsirkin <=
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Peter Maydell, 2014/03/11
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Michael S. Tsirkin, 2014/03/11
- Re: [Qemu-devel] [PULL v3 00/14] acpi, pc, pci, virtio, memory bug fixes, Peter Maydell, 2014/03/11