Re: [PATCH 2/7] Docs: Bring SubmittingPatches more into the git era

From: Jonathan Corbet
Date: Wed Mar 09 2016 - 09:13:21 EST

Next message: Geert Uytterhoeven: "Re: [PATCH V2] PM / clk: Add support for obtaining clocks from device-tree"
Previous message: Yaniv Gardi: "[PATCH v7] scsi: ufs: add ioctl interface for query request"
In reply to: Laszlo Ersek: "Re: [PATCH 2/7] Docs: Bring SubmittingPatches more into the git era"
Next in thread: Jonathan Corbet: "Re: [PATCH 2/7] Docs: Bring SubmittingPatches more into the git era"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 9 Mar 2016 12:44:26 +0100
Laszlo Ersek <lersek@xxxxxxxxxx> wrote:

> Namely, do signed tags serve the purpose that a higher level maintainer
> can pull from a trusted, lower level maintainer without looking?
>
> At these higher levels of the patch flow, does "trusted identity"
> replace "review"?

No, I really don't think so. Signed tags just verify the origin of the
pull request.

Think of it as a form of defense in depth. Anybody who merges code into
the kernel merges bugs on a regular basis, even if they carefully review
every line. Review is a defense against threats like the deliberate
insertion of malevolent code, but it is not an absolute defense. Signed
tags, one might hope, will at least keep code from deliberately forged
pull requests out of the stream of code needing review.

Or so I see it.

jon

Next message: Geert Uytterhoeven: "Re: [PATCH V2] PM / clk: Add support for obtaining clocks from device-tree"
Previous message: Yaniv Gardi: "[PATCH v7] scsi: ufs: add ioctl interface for query request"
In reply to: Laszlo Ersek: "Re: [PATCH 2/7] Docs: Bring SubmittingPatches more into the git era"
Next in thread: Jonathan Corbet: "Re: [PATCH 2/7] Docs: Bring SubmittingPatches more into the git era"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]