Re: Should we automatically generate a module signing key at all?

From: Linus Torvalds
Date: Tue May 19 2015 - 14:02:15 EST

Next message: Andy Lutomirski: "Re: [PATCH v5] procfs: Always expose /proc/<pid>/map_files/ and make it readable"
Previous message: Amaury Denoyelle: "[PATCH v3 2/2] Staging: comedi: fix style for multi-line comments in cb_pcidas64.c"
In reply to: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Next in thread: David Woodhouse: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 19, 2015 at 10:58 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
> Throwing away the key is outright impossible in some contexts.
>
> https://wiki.debian.org/ReproducibleBuilds

Bah. That's just stupid.

Sure, if you have to use "cmp" to compare your builds, you can't embed
random one-time keys. Tough.

That's a problem with your environment, and not a technical argument,
it's a political one.

I couldn't care less. "Doctor, doctor, it hurts when I use a stapler
on my forehead".

Debian has lots of "rules". That doesn't make it right.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andy Lutomirski: "Re: [PATCH v5] procfs: Always expose /proc/<pid>/map_files/ and make it readable"
Previous message: Amaury Denoyelle: "[PATCH v3 2/2] Staging: comedi: fix style for multi-line comments in cb_pcidas64.c"
In reply to: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Next in thread: David Woodhouse: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]