| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 May 2015 11:01:57 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Andy Lutomirski <luto@...capital.net>
Cc: Andy Lutomirski <luto@...nel.org>,
David Howells <dhowells@...hat.com>,
Michal Marek <mmarek@...e.cz>,
David Woodhouse <dwmw2@...radead.org>,
Abelardo Ricart III <aricart@...nix.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Sedat Dilek <sedat.dilek@...il.com>, keyrings@...ux-nfs.org,
Rusty Russell <rusty@...tcorp.com.au>,
LSM List <linux-security-module@...r.kernel.org>,
Borislav Petkov <bp@...en8.de>, Jiri Kosina <jkosina@...e.cz>
Subject: Re: Should we automatically generate a module signing key at all?
On Tue, May 19, 2015 at 10:58 AM, Andy Lutomirski <luto@...capital.net> wrote:
>
> Throwing away the key is outright impossible in some contexts.
>
> https://wiki.debian.org/ReproducibleBuilds
Bah. That's just stupid.
Sure, if you have to use "cmp" to compare your builds, you can't embed
random one-time keys. Tough.
That's a problem with your environment, and not a technical argument,
it's a political one.
I couldn't care less. "Doctor, doctor, it hurts when I use a stapler
on my forehead".
Debian has lots of "rules". That doesn't make it right.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists