Andy Lutomirski <l...@kernel.org> writes:
> On 05/18/2015 09:20 AM, Linus Torvalds wrote:
>> On Mon, May 18, 2015 at 9:04 AM, David Howells <dhowe...@redhat.com> wrote:
>>>
>>> Should we instead provide a script:
>>>
>>> ./scripts/generate-key
>>>
>>> That generates a key if run and make it so that the build fails if you turn on
>>> module signing and there's no key.
>>
>> That would just be stupid.
>>
>> I'm not ever applying a patch like that. That would absolutely destroy
>> the sane "git clean + rebuild" model.
>>
>> Why the hell would you want to make the sane case that people actually
>> *use* be harder to use.
>>
>> Nobody sane bothers with long-term keys. They are inconvenient and less
>> secure.
>>
>> Put the onus on making it inconvenient on those people who actually
>> have special keys, not on normal people.
>>
>
> I think we should get rid of the idea of automatically generated signing
> keys entirely. Instead I think we should generate, at build time, a
> list of all the module hashes and link that into vmlinux.
Yep, suggested that long ago. But people want signatures, because the
actual push for pubkeys was never the temp-pubkey model.

Cheers,
Rusty.