Hi Linus, On Thu, 21 Feb 2013 10:56:44 -0800 Linus Torvalds wrote: > > On Thu, Feb 21, 2013 at 10:34 AM, Peter Jones wrote: > > On Thu, Feb 21, 2013 at 10:25:47AM -0800, Linus Torvalds wrote: > >> - why do you bother with the MS keysigning of Linux kernel modules to > >> begin with? > > > > This is not actually what the patchset implements. All it's done here > > is using PE files as envelopes for keys. The usage this enables is to > > allow for whoever makes a module (binary only or merely out of tree for > > whatever reason) to sign it and vouch for it themselves. That could > > include, for example, a systemtap module. > > Umm. And which part of "We already support that, using standard X.509 > certificates" did we suddenly miss? > > So no. The PE file thing makes no sense what-so-ever. What you mention > we can already do, and we already do it *better*. So, is this enough close enough to "I will never take this" for me to remove it from linux-next, or could further discussion persuade you? David, if I do remove it, are there other patches in your pekey tree that are still going forward? I ask because the pekey tree is interacting with other trees and it does not make sense to have those interactions in linux-next if the pekey work is never going upstream. -- Cheers, Stephen Rothwell sfr@canb.auug.org.au