So this feels wrong to me, can you guys please explain:
On Sun, Jul 31, 2016 at 9:02 PM, Rusty Russell <ru...@rustcorp.com.au> wrote:
>
> Ben Hutchings (3):
> module: Invalidate signatures on force-loaded modules
> module: Disable MODULE_FORCE_LOAD when MODULE_SIG_FORCE is enabled
forcing a load and SIG_FORCE are entirely independent issues, afaik. I
think requiring signed modules is just a good idea. But that doesn't
necessarily mean that you don't have a signed module that is signed
with a key you trust, but you still want to force-load it for the
wrong kernel version (ie maybe you have a binary-only module from your
IT department (and your IT department is evil,but at least they sign
it to show that the module is trust-worthy as coming from them, even
if they have some dubious behavior), but you did some kernel updates
that still allow the module to work but the version doesn't match any
more).
Am I missing something? What's the connection between
MODULE_FORCE_LOAD and MODULE_SIG_FORCE? Because it smells like they
are independent and that the above changes are very very dubious.
I didn't actually pull the tree, I just reacted to the pull request itself.
Linus
