Date: Fri, 23 Jan 2026 17:33:11 +0100
From: Greg KH
To: James Bottomley
Cc: Uwe Kleine-König, Konstantin Ryabitsev, users@kernel.org, ksummit@lists.linux.dev
Subject: Re: Web of Trust work [Was: kernel.org tooling update]

On Fri, Jan 23, 2026 at 11:24:33AM -0500, James Bottomley wrote:
> On Fri, 2026-01-23 at 10:29 +0100, Greg KH wrote:
> > On Fri, Jan 23, 2026 at 10:19:56AM +0100, Uwe Kleine-König wrote:
> > > Hello Konstantin,
> > >
> > > On 12/10/25 05:48, Konstantin Ryabitsev wrote:
> > > > ## Web of Trust work
> > > >
> > > > There is an ongoing work to replace our home-grown web of trust
> > > > solution (that does work but has important bottlenecks and
> > > > scaling limitations) with something both more distributed and
> > > > easier to maintain. We're working with OpenSSF to design the
> > > > framework and I hope to present it to the community in the next
> > > > few months.
> > >
> > > the current home-grown solution is
> > > https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/, right?
> > >
> > > I wonder what the bottlenecks and scaling limitations are that you
> > > mention.
> > >
> > > Is there some info available already now about the path you (and
> > > OpenSSF) intend to propose?
> >
> > There will be a presentation about this in February at a conference
> > and hopefully it will be made public then as the work is still
> > ongoing.
>
> Could you please stop doing this?
> The Open Source norm is to release
> early and often and long before you have stable code so you get
> feedback incorporated *before* you're committed to something.

I'm not doing anything here, sorry.

> You're making it very hard for those of us engaged in open source
> advocacy inside various companies because we seem to spend a lot of our
> time trying to get our engineers not to drop fully polished projects
> into the public view but engage early on prototypes. It rather
> undermines our position if they can point to the Linux Foundation and
> say "but they do it so why shouldn't we?".

When there is something that is reviewable, it will be released as a
starting point for everyone to review and comment on, like any other
normal open source project.

It's as if you don't think we know how any of this works...

Surely you don't want us to be touting a bunch of vaporware at this
point in time, right?

thanks,

greg k-h