| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1431965955.29806.53.camel@infradead.org>
Date: Mon, 18 May 2015 17:19:15 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: David Howells <dhowells@...hat.com>
Cc: mmarek@...e.cz, Linus Torvalds <torvalds@...ux-foundation.org>,
Abelardo Ricart III <aricart@...nix.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Sedat Dilek <sedat.dilek@...il.com>, keyrings@...ux-nfs.org,
Rusty Russell <rusty@...tcorp.com.au>,
LSM List <linux-security-module@...r.kernel.org>
Subject: Re: Should we automatically generate a module signing key at all?
On Mon, 2015-05-18 at 17:04 +0100, David Howells wrote:
> Should we automatically generate a module signing key at all since
> that has the possibility of accidentally overwriting a key that the
> builder has placed in the tree?
I prefer the other solution I suggested a few minutes ago — let
signing_key.{priv,x509} be autogenerated, and if the user wants to
provide their own then let them call it something else.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse@...el.com Intel Corporation
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5691 bytes)
Powered by blists - more mailing lists