|| ||Rusty Russell <rusty-AT-rustcorp.com.au> |
|| ||Linus Torvalds <torvalds-AT-linux-foundation.org>,
Josh Boyer <jwboyer-AT-redhat.com> |
|| ||Re: RFC: sign the modules at install time |
|| ||Fri, 19 Oct 2012 10:50:30 +1030|
|| ||David Howells <dhowells-AT-redhat.com>,
David Miller <davem-AT-davemloft.net>,
Linux Kernel Mailing List <linux-kernel-AT-vger.kernel.org>,
|| ||Article, Thread
Linus Torvalds <firstname.lastname@example.org> writes:
> So signing is the nice flexible option, and technically the right
> thing to do.
Meh.... It's 52k of extra text to get that 'nice flexible'; 1% of my
kernel image. That's a lot of bug free code.
> (Side note: I hope people realize that the random key is generated
> with a 100-year lifespan. So if you build a kernel today, you do
> potentially have a "year-2112 problem". I'm not horribly worried, but
> I *am* a bit worried about 32-bit time_t overflow and I hope 32-bit
> openssl doesn't do anything odd)
Yep, David's original patch had that problem; he fixed the kernel's x509
handling to use struct tm, not time_t, and now it Just Works.
to post comments)