A typical kernel development cycle involves pulling patches from over 100 repositories into the mainline. Any of those pulls could conceivably bring with it malicious code, leaving the kernel (and its users) open to compromise. The kernel's web of trust helps maintainers to ensure that pull requests are legitimate, but that web has become difficult to maintain in the wake of the recent attacks on key servers and other problems. So now the kernel community is taking management of its web of trust into its own hands.
More like this (2)
CEO of Howard Development & Consulting, the web development firm creative agencies trust when every pixel...CEO of Howard Development & Consulting, the web development firm creative agencies trust when every pixel matters.During my two decades as a professional web developer, I’ve watched the Internet evolve from its simple and humble origins into a complex and ever-changing cocktail of browsers, devices and edicts from t...
The kernel development process is based on trust at many levels — trust in developers, but...The kernel development process is based on trust at many levels — trust in developers, but also in the infrastructure that supports the community. In some cases, that trust may not be entirely deserved; most of us have long since learned not to trust much of anything that shows up in email, for example, but developers still generally trust that emailed patches will be...