lkml.org 
[lkml]   [2013]   [Feb]   [21]   [last100]   RSS Feed
Views: [wrap][no wrap]   [headers]  [forward] 
 
Messages in this thread
/
Date
SubjectRe: [GIT PULL] Load keys from signed PE binaries
From
On Thu, Feb 21, 2013 at 8:42 AM, Matthew Garrett <[email protected]> wrote:
>
> There's only one signing authority, and they only sign PE binaries.

Guys, this is not a dick-sucking contest.

If you want to parse PE binaries, go right ahead.

If Red Hat wants to deep-throat Microsoft, that's *your* issue.  That
has nothing what-so-ever to do with the kernel I maintain. It's
trivial for you guys to have a signing machine that parses the PE
binary, verifies the signatures, and signs the resulting keys with
your own key. You already wrote the code, for chissake, it's in that
f*cking pull request.

Why should *I* care? Why should the kernel care about some idiotic "we
only sign PE binaries" stupidity? We support X.509, which is the
standard for signing.

Do this in user land on a trusted machine. There is zero excuse for
doing it in the kernel.

               Linus


\
 
 \ /
  Last update: 2013-02-21 18:21    [from the cache]
©2003-2020 Jasper Spaans|hosted at Digital Ocean and my Meterkast|Read the blog