Linux explores new way of authenticating developers and their code - here's how it works
zdnet.com
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
- The Linux kernel is moving toward a better way of identifying developers and their code.
- This new approach can be used by other open-source projects.
- It's not being rolled out yet, but I expect it to be deployed by this time next year.
NAPA, Calif. -- In the immortal words of song developer Pete Townshend, "Well, who are you? (Who are you? Who, who, who, who?) I really wanna know!" Linux kernel maintainers have the same question: Who are their programmers, and how can the kernel community be sure the code they submit is really theirs?
For decades, Linux kernel developers used Pretty Good Privacy (PGP) to identify developers and their release artifacts. Git's PGP integration enabled signed tags to verify code repository integrity and signed commits to prevent ...
Copyright of this story solely belongs to zdnet.com . To see the full text click HERE