The #Linux #kernel's #PGP Web of Trust

blog.kleine-koenig.org/ukl/the… (by @ukleinek )

"[…] However there is a problem on the horizon: GnuPG 2.4.x started to reject third-party key signatures using the SHA-1 hash algorithm. […] This doesn't directly affect the kernel-pgpkeys repo, […] When Konstantin imported the updated certificate GnuPG's "cleaning" was applied which dropped all SHA-1 signatures. So Theodore Ts'o's key lost 168 signatures, among them one by Linus Torvalds on his primary UID. […] That made me wonder what would be the effect on the web of trust if all SHA-1 signatures were dropped. Here are the facts: […]"