Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932336AbbESSCI (ORCPT ); Tue, 19 May 2015 14:02:08 -0400 Received: from mail-ig0-f179.google.com ([209.85.213.179]:34686 "EHLO mail-ig0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751198AbbESSB6 (ORCPT ); Tue, 19 May 2015 14:01:58 -0400 MIME-Version: 1.0 In-Reply-To: References: <31154.1431965087@warthog.procyon.org.uk> <555A88FB.7000809@kernel.org> Date: Tue, 19 May 2015 11:01:57 -0700 X-Google-Sender-Auth: z2kTZsNLklNOaJnzXNPWL-sfPI4 Message-ID: Subject: Re: Should we automatically generate a module signing key at all? From: Linus Torvalds To: Andy Lutomirski Cc: Andy Lutomirski , David Howells , Michal Marek , David Woodhouse , Abelardo Ricart III , Linux Kernel Mailing List , Sedat Dilek , keyrings@linux-nfs.org, Rusty Russell , LSM List , Borislav Petkov , Jiri Kosina Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 826 Lines: 25 On Tue, May 19, 2015 at 10:58 AM, Andy Lutomirski wrote: > > Throwing away the key is outright impossible in some contexts. > > https://wiki.debian.org/ReproducibleBuilds Bah. That's just stupid. Sure, if you have to use "cmp" to compare your builds, you can't embed random one-time keys. Tough. That's a problem with your environment, and not a technical argument, it's a political one. I couldn't care less. "Doctor, doctor, it hurts when I use a stapler on my forehead". Debian has lots of "rules". That doesn't make it right. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/