A typical kernel development cycle involves pulling patches from over 100
repositories into the mainline. Any of those pulls could conceivably
bring with it malicious code, leaving the kernel (and its users) open to
compromise. The kernel’s web of trust helps maintainers to ensure that
pull requests are legitimate, but that web has become difficult to maintain
in the wake of the recent attacks on key servers and other problems. So now
the kernel community is taking management of its web of trust into its own
hands.
Source: LWN.net – [$] Maintaining the kernel’s web of trust