Re: [PATCH 00/29] Crypto keys and module signing [ver #4]

From: Rusty Russell
Date: Fri May 18 2012 - 20:53:54 EST


On Fri, 11 May 2012 00:39:01 +0100, David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Hi Rusty,
>
> Here's my latest take on my module signing patch set. I've retained my
> strip-proof[*] signature-in-module concept, but I've shrunk the module
> verification code by nearly half. Its .text segment now stands at just over 2K
> in size for an x86_64 kernel.

Hi David!

I get it. Some management bigwig at RH has told you to get this
patch in, right? And you told them it'd had been Nacked, that the
maintainer had said it was never going in, and of course, that it was a
stupid idea and to give up on the idea of stripping modules after
signing, and just append a magic marker and the signature.

But they just wouldn't listen, would they? So you had to waste
your time polishing this turd, until you annoy me enough to get the kind
of flaming rejection which is visible from space and chars the eyeballs
of your manager so they understand.

Well, here it is. I even put it in caps for you!

NAK. THIS PATCH WILL NEVER, EVER GO IN. I AM NOT PUTTING CRAP IN THE
KERNEL BECAUSE RH CAN'T FIGURE OUT HOW TO PRODUCE STRIPPED VERSIONS OF
MODULES DURING BUILD. DON'T BE TOO PROUD OF THIS TECHNOLOGICAL TERROR
YOU'VE CONSTRUCTED.

I look forward to you updated patch series!
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/