Why another mailing list service?

Linux development started in 1991 and has been ongoing for the past 30 years at an ever-increasing pace. Many popular code collaboration platforms have risen throughout these three decades -- and while some of them are still around, many others have shut down and disappeared without offering any way to preserve the history of the projects they used to host.

Development via mailed-in patches remains the only widely used mechanism for code collaboration that does not rely on centralized infrastructure maintained by any single entity. The Linux developer community sees transparency, independence and decentralization as core guiding principles behind Linux development, so it has deliberately chosen to continue using email for all its past and ongoing collaboration efforts.

What about vger.kernel.org?

The infrastructure behind lists.linux.dev supports multiple domains, so all mailing lists hosted on vger.kernel.org will be carefully migrated to the same platform while preserving current addresses, subscribers, and list ids. The only thing that will noticeably change is the procedure to subscribe and unsubscribe from individual lists. As majordomo is no longer maintained, we will instead switch to using separate subscribe/unsusbscribe addresses per each list.

There are no firm ETAs for this migration, but if you are currently subscribed to any mailing list hosted on vger.kernel.org, you will receive a message when the migration date is approaching.

Who qualifies for this program?

To qualify for the program, you need to have an account at kernel.org or have your email address listed in the MAINTAINERS file (following the "M:" heading). If you do not currently qualify but think you should, the easiest course of action is to get yourself added to the MAINTAINERS file or to apply for an account at kernel.org.

Which devices are available under this program?

The program is limited to Nitrokey Start devices. There are several reasons why we picked this particular device among several available options.

First of all, many Linux kernel developers have a strong preference not just for open-source software, but for open hardware as well. Nitrokey is one of the few companies selling GnuPG-compatible smartcard devices that provide both, since Nitrokey Start is based on Gnuk cryptographic token firmware developed by Free Software Initiative of Japan. It is also one of the few commercially available devices that offer native support for ECC keys, which are both faster computationally than large RSA keys and generate smaller digital signatures. With our push to use more code signing of git objects themselves, both the open nature of the device and its support for fast modern cryptography were key points in our evaluation.

Additionally, Nitrokey devices (both Start and Pro models) are already used by open-source developers for cryptographic purposes and they are known to work well with Linux workstations.

What is the benefit of digital smartcard tokens?

With usual GnuPG operations, the private keys are stored in the home directory where they can be stolen by malware or exposed via other means, such as poorly secured backups. Furthermore, each time a GnuPG operation is performed, the keys are loaded into system memory and can be stolen from there using sufficiently advanced techniques (the likes of Meltdown and Spectre).

A digital smartcard token like Nitrokey Start contains a cryptographic chip that is capable of storing private keys and performing crypto operations directly on the token itself. Because the key contents never leave the device, the operating system of the computer into which the token is plugged in is not able to retrieve the private keys themselves, therefore significantly limiting the ways in which the keys can be leaked or stolen.

Questions or problems?

If you qualify for the program, but encounter any difficulties purchasing the device, please contact Nitrokey at shop@nitrokey.com.

For any questions about the program itself or with any other comments, please reach out to info@linuxfoundation.org.

Good-bye bzip2

We started listing xz-compressed versions of kernel archives in all our announcements back in March 2013, and the time has come to complete the switch. Effective immediately, we will no longer be providing bzip2-compressed versions for new releases of the Linux kernel and other software. Any previously released .tar.bz2 archives will continue to be available without change, and we will also continue to provide gzip-compressed versions of all new releases for the foreseeable future.

So, from now on, all releases will be offered as both .tar.gz and .tar.xz, but not as .tar.bz2. We apologize if this interferes with any automated tools.

Happy new year!

Happy new year to all kernel.org users and visitors. The Linux Foundation and Linux Kernel Archives teams extend their warmest wishes to you all, and we hope that 2014 proves to be just as awesome (or awesomer) for the Linux kernel.

Montreal frontend

We have added another official frontend for serving the kernel content, courtesy of Vexxhost, Inc. There is now a total of three frontends, one in Palo Alto, California, one in Portland, Oregon, and one in Montreal, Quebec. This should allow for better geographic dispersion of official mirrors, as well as better fault tolerance.

Kernel.googlesource.com

We are happy to announce that kernel.googlesource.com is now relying on grokmirror manifest data to efficiently mirror git.kernel.org, which means that if accessing git.kernel.org is too high latency for you due to your geographical location (EMEA, APAC), kernel.googlesource.com should provide you with a fast local mirror that is at most 5 minutes behind official sources.

We extend our thanks to Google for making this available to all kernel hackers and enthusiasts worldwide.

TLS 1.2 and PFS

With the latest round of upgrades, we are now serving TLS 1.2 with PFS across all kernel.org sites, offering higher protection against eavesdropping.