itpol

Commit Graph

Author	SHA1	Message	Date
Konstantin Ryabitsev	0e769e1426	Merge pull request #44 from Tachi107/patch-1 protecting-code-integrity: fix typo in subtitle	10 months ago
Andrea Pappacoda	1e6e85aebb	protecting-code-integrity: fix typo in subtitle cerification -> certification Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>	10 months ago
Konstantin Ryabitsev	e536c34df0	Merge branch 'master' of https://github.com/mricon/itpol into mricon-master Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	2 years ago
Konstantin Ryabitsev	bc0503d8bf	Update the code integrity guide for 2021 - Remove traces of gnupg-1.4, as everything is finally gnupg-2.x - Switch to using ECC cryptography for the subkeys - Stop calling the certification subkey the "master key" as it's a bad analogy and that terminology isn't used anywhere in GnuPG docs Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	2 years ago
salah3x	f879c68248	Add a table of contents to each guide Signed-off-by: salah3x <salah.loukili@gmail.com>	2 years ago
Trevor Bramwell	19b027f63a	Fix Broken links to Announcement The hosting space for the initial blog post announcing this work was moved, and a redirect put in place. That redirect appears to have stopped, or the article moved again. Either way, this appears to be the canonical location of the article. Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>	2 years ago
Alexey Kopytko	4ca8b99e0b	Update protecting-code-integrity.md Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN. From the developer: http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional	2 years ago
Konstantin Ryabitsev	6ff6fdad73	Use -o instead of stdout redirect with paperkey Using -o makes sure that the file is created with 0600 permissions instead of whatever the default umask setting is. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	2 years ago
Konstantin Ryabitsev	31afef433d	Remove kernel-developer-pgp-guide This document is now part of the official kernel documentation found here: https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	2 years ago
Andrew Grimberg	6c293acc00	Merge pull request #34 from salah3x/master Add a table of contents to each guide	3 years ago
salah3x	11ed0bf162	Add a table of contents to each guide Signed-off-by: salah3x <salah.loukili@gmail.com>	3 years ago
Andrew Grimberg	d6737c777e	Merge pull request #30 from bramwelt/master Fix Broken links to Announcement	4 years ago
Trevor Bramwell	180a2fd99f	Fix Broken links to Announcement The hosting space for the initial blog post announcing this work was moved, and a redirect put in place. That redirect appears to have stopped, or the article moved again. Either way, this appears to be the canonical location of the article. Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>	4 years ago
Konstantin Ryabitsev	ff92fae080	Merge pull request #29 from sanmai/patch-1 Remove reset code instructions (erroneous info)	4 years ago
Alexey Kopytko	6e27a0f9ae	Update protecting-code-integrity.md Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN. From the developer: http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional	4 years ago
Konstantin Ryabitsev	51026930ef	Use -o instead of stdout redirect with paperkey Using -o makes sure that the file is created with 0600 permissions instead of whatever the default umask setting is. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	51be7788df	Minor wording tweaks Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	2158dc39b2	Rework free software/audience paragraph Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	a4924d87b5	ECC support is in GnuPG 2.1+, not v2 in general Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	319a4729a3	Wording on the kernel guide Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	6747fadc24	Finish up the kernel developer PGP guide Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	7b5b243a37	Almost done on the kernel guide Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	85ae656965	Start work on kernel-specific guide Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	9ebcdf3b75	Minor tweaks and take out of BETA Protecting code integrity is ready to go production. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	1d3b58d17a	Tweak some wording Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	7c7477f20c	What is git PGP integration trying to solve? Per question in #28, explain why git and pgp integration are useful. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	5 years ago
Konstantin Ryabitsev	126e4f0b5d	Add a note that cp on sockets will fail, but is ok Per issue #25. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	8a9d547d3e	Explain why master key is 4096 bits Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	d859f24c82	Merge pull request #26 from henrich/master Add GPG4Win installation for Windows Platform	6 years ago
Hideki Yamane	f302bf3478	Add GPG4Win installation for Windows Platform	6 years ago
Konstantin Ryabitsev	e836303976	Merge pull request #24 from ftheile/patch-1 Use `--homedir` consistently	6 years ago
Frank Theile	1c36837f07	Use `--homedir` consistently	6 years ago
Konstantin Ryabitsev	304cd46a38	Merge pull request #23 from ftheile/patch-2 Master key backup: use consistent mount point in all examples	6 years ago
Konstantin Ryabitsev	eaf82430cd	Merge pull request #22 from ftheile/patch-1 Always use `~` instead of `$HOME` for consistency	6 years ago
Frank Theile	3162817e7c	Master key backup: use consistent mount point in all examples	6 years ago
Frank Theile	6c208d9583	Always use `~` instead of `$HOME` for consistency	6 years ago
Konstantin Ryabitsev	790759787e	Typo and wording fixes Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	e44163234d	Add TRANSLATIONS file Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	1501d8869d	Set status CURRENT/BETA/OUTDATED Need to mark that the protecting-code-integrity document is not quite ready to be called final product. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	eafaf6ccc1	Tweak verbiage Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	501e4ceb88	Remove the zh_CN translation It's obsolete and I have decided not to track these in the same repo. Please publish your own forks with translated documents and I will create a translations.md file with links. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	3148a35dda	Add U2F section and tweak wks-security doc Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	34233e9d81	Move to protecting-coide-integrity Largely finishes the document -- will work on updated content in "trusted team communication" and by reviewing the workstation security guide. We need at least a basic workstation security guide for the Mac systems. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	9d61a13f1c	Edits and a privacy note for keyservers Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	f35667dddc	Add large chunk of git+pgp content Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	62815ea38e	Largely finish the PGP/smartcard section Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	a93d12f80a	Add more GnuPG bits Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	c51f664e8e	More base PGP work Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	526b138907	Start on Developer Security Hygiene Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago
Konstantin Ryabitsev	b5b0034191	Remove GrSecurity/PAX and trim down SELinux Now that GrSecurity/PaX are no longer available for free download, it is almost impossible to get it without paying significant amounts of money. Remove them from the recommendation, but mention that it remains a viable option for anyone who has a subscription. Additionally, trim down the SELinux section to remove the detailed instructions on audit2allow and staff_u. Such details are probably best suited for a dedicated document. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>	6 years ago

1 2

92 Commits (master) All Branches Search

92 Commits (master)

All Branches