|
|
Log in / Subscribe / Register

Quotes of the week

[Posted October 12, 2016 by corbet]

As a _singlular_ argument, "it's for out-of-tree code" is weak. As an _additional_ argument, it has value. Saying "this only helps out-of-tree code" doesn't carry much weight. Saying "this helps kernel security, even for out-of-tree code" is perfectly valid. And a wrinkle in this is that some day, either that out-of-tree code, or brand new code, will land in the kernel, and we don't want to continue to require authors be aware of an opt-in security feature. The kernel should protect itself (and all of itself, including out-of-tree or future code) by default.
Kees Cook

this email is all in small letters because my gpg key expired so I couldn't sign the tag, and it's too early in the morning for me to go do gpg stuff.
Dave Airlie

I'm happy that you have found alternative identity management model, but I'm not sure this "all lower key" thing is considered a technically valid alternative to pgp signing from an identity validation standpoint.

I will have to ask around the security people to see what they think.

Linus Torvalds (thanks to Daniel Stone)
to post comments


Copyright © 2016, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds