James Bottomley <james.bottom...@hansenpartnership.com> wrote: > > The problem with that is that it means you can't load third party > > modules - such as the NVidia driver. That's fine if you absolutely > > reject the right of people to produce third party drivers for the > > Linux kernel and absolutely require that they open and upstream their > > code if they want in. > > So if you build your own kernel and want to load the nVidia module, you > have the key to sign it.
I think you have to assume that doing this is beyond most people. Further, as a distribution we would prefer people didn't raise bugs against kernels that we didn't build. > If you're a distribution and want third party modules to be loaded you can > set up a third party signing process using a distro key ... I don't see what > the big problem is. That's the problem is right there. AIUI, we *don't* want to set up a third party signing process. As I said, it potentially comes with lawyers attached. > So your lawyers tell you if you sign a third party module for your > kernel then you could get blamed for the damage it causes? There's more to it than that, but I feel I should discuss it with our legal dept. before airing it here. David
