Re: Should we automatically generate a module signing key at all?

From: David Woodhouse
Date: Tue May 19 2015 - 14:08:30 EST

Next message: David Howells: "Re: Should we automatically generate a module signing key at all?"
Previous message: Andy Lutomirski: "Re: [PATCH v5] procfs: Always expose /proc/<pid>/map_files/ and make it readable"
In reply to: Linus Torvalds: "Re: Should we automatically generate a module signing key at all?"
Next in thread: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2015-05-19 at 10:58 -0700, Andy Lutomirski wrote:
>
> Throwing away the key is outright impossible in some contexts.
>
> https://wiki.debian.org/ReproducibleBuilds

Are any of the benefits described at
https://wiki.debian.org/ReproducibleBuilds/About *not* just as
achievable with the method I suggested â where you throw away the key
and just validate that your builds are identical *except* for the
signatures... which you can reuse, since your builds were identical.

--
dwmw2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Howells: "Re: Should we automatically generate a module signing key at all?"
Previous message: Andy Lutomirski: "Re: [PATCH v5] procfs: Always expose /proc/<pid>/map_files/ and make it readable"
In reply to: Linus Torvalds: "Re: Should we automatically generate a module signing key at all?"
Next in thread: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]