Yuichiro Chino/Moment via Getty Images
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
The Linux kernel is moving toward a better way of identifying developers and their code.
This new approach can be used by other open-source projects.
It's not being rolled out yet, but I expect it to be deployed by this time next year.
NAPA, Calif. -- In the immortal words of song developer Pete Townshend, "Well, who are you? (Who are you? Who, who, who, who?) I really wanna know!" Linux kernel maintainers have the same question: Who are their programmers, and how can the kernel community be sure the code they submit is really theirs?
For decades, Linux kernel developers used Pretty Good Privacy (PGP) to identify developers and their release artifacts. Git's PGP integration enabled signed tags to verify code repository integrity and signed commits to prevent hackers from impersonating legitimate developers.
Also: The latest Linux kernel release closes out the 6.x era - and it's a gift to cloud admins
... continue reading