Re: Fw: signed kernel modules?

From: Richard B. Johnson
Date: Fri Oct 15 2004 - 12:45:22 EST

Next message: Paul Fulghum: "Re: 2.6.9-rc4-mm1 : oops when rmmod uhci_hcd [was: 2.6.9-rc3-mm2: oops...]"
Previous message: Bartlomiej Zolnierkiewicz: "Re: promise (105a:3319) unattended boot"
In reply to: David Woodhouse: "Re: Fw: signed kernel modules?"
Next in thread: Lee Revell: "Re: Fw: signed kernel modules?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Oct 2004, David Woodhouse wrote:

On Fri, 2004-10-15 at 12:59 -0400, Richard B. Johnson wrote:
We let this start when there were problems with secret video
modules. Nobody wanted to debug a kernel that could be corrupted
by a module where nobody could read the source-code. So if there
isn't a MODULE_LICENSE("POLICY") then a 'tainted' mark goes
in any OOPS report. Well, they got away with that. It was
explained away as being "good" policy. Now they are making
more policy.

Please quit being a fuckwit, Richard. You've escaped my killfile so far
despite being in so many other peoples, because it's often amusing to
find the deliberate mistake in your posts when they actually appear
plausible.

The above is not policy; it's a mechanism. It provides the information.
Developers _use_ that information to implement their own policy, and
refrain from helping those whose kernels are tainted.

Signing kernel modules is just the same.

You just don't get it. This is policy.

Script started on Fri 15 Oct 2004 01:13:59 PM EDT
# insmod xxx.ko
xxx: module license 'BSD' taints kernel.
# exit
Script done on Fri 15 Oct 2004 01:14:26 PM EDT

How dare somebody decide that a BSD license that
makes source-code available, but doesn't give its
control to Stallman, somehow taints the kernel.

Wake up! This is policy and bad policy, too.
If it wasn't for UC Berkeley, there wouldn't even
be a Linux, it was deliberately designed to be
compatible so the Berkeley (read UNIX) utilities
would run. This was well before GNU did anything
but a 'C' compiler and eimacs.

BTW us.ibm.com has an interesting policy, the
name in the DNS expires in a few minutes and only
becomes available for a few minutes each day. That
means that anything sent to Josh Boyer <jdub@xxxxxxxxxx>,
in the c.c. list, above, gets cached here until the
name resolves.

Cheers,
Dick Johnson
Penguin : Linux version 2.6.8 on an i686 machine (5537.79 BogoMips).
Note 96.31% of all statistics are fiction.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Fulghum: "Re: 2.6.9-rc4-mm1 : oops when rmmod uhci_hcd [was: 2.6.9-rc3-mm2: oops...]"
Previous message: Bartlomiej Zolnierkiewicz: "Re: promise (105a:3319) unattended boot"
In reply to: David Woodhouse: "Re: Fw: signed kernel modules?"
Next in thread: Lee Revell: "Re: Fw: signed kernel modules?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]