Re: [GIT PULL] Load keys from signed PE binaries

From: Linus Torvalds
Date: Thu Feb 21 2013 - 11:58:57 EST

Next message: Stephen Hemminger: "[ANNOUNCE] iproute2 3.8.0"
Previous message: Mandeep Singh Baines: "[PATCH v6] lockdep: check that no locks held at freeze time"
In reply to: Matthew Garrett: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Matthew Garrett: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 21, 2013 at 8:42 AM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:
>
> There's only one signing authority, and they only sign PE binaries.

Guys, this is not a dick-sucking contest.

If you want to parse PE binaries, go right ahead.

If Red Hat wants to deep-throat Microsoft, that's *your* issue. That
has nothing what-so-ever to do with the kernel I maintain. It's
trivial for you guys to have a signing machine that parses the PE
binary, verifies the signatures, and signs the resulting keys with
your own key. You already wrote the code, for chissake, it's in that
f*cking pull request.

Why should *I* care? Why should the kernel care about some idiotic "we
only sign PE binaries" stupidity? We support X.509, which is the
standard for signing.

Do this in user land on a trusted machine. There is zero excuse for
doing it in the kernel.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Hemminger: "[ANNOUNCE] iproute2 3.8.0"
Previous message: Mandeep Singh Baines: "[PATCH v6] lockdep: check that no locks held at freeze time"
In reply to: Matthew Garrett: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Matthew Garrett: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]