Date: Mon, 18 May 2015 09:20:33 -0700
Subject: Re: Should we automatically generate a module signing key at all?
From: Linus Torvalds
To: David Howells
Cc: Michal Marek, David Woodhouse, Abelardo Ricart III, Linux Kernel Mailing List, Sedat Dilek, keyrings@linux-nfs.org, Rusty Russell, LSM List
In-Reply-To: <31154.1431965087@warthog.procyon.org.uk>

On Mon, May 18, 2015 at 9:04 AM, David Howells wrote:
>
> Should we instead provide a script:
>
>         ./scripts/generate-key
>
> That generates a key if run and make it so that the build fails if you turn on
> module signing and there's no key.

That would just be stupid. I'm not ever applying a patch like that.
That would absolutely destroy the sane "git clean + rebuild" model.

Why the hell would you want to make the sane case that people actually
*use* be harder to use.

Nobody sane bothers with long-term keys. They are inconvenient and less secure.

Put the onus on making it inconvenient on those people who actually
have special keys, not on normal people.

                Linus