Date Thu, 21 Feb 2013 08:58:45 -0800 Subject Re: [GIT PULL] Load keys from signed PE binaries From Linus Torvalds <> On Thu, Feb 21, 2013 at 8:42 AM, Matthew Garrett <mjg59@srcf.ucam.org> wrote:

>

> There's only one signing authority, and they only sign PE binaries.



Guys, this is not a dick-sucking contest.



If you want to parse PE binaries, go right ahead.



If Red Hat wants to deep-throat Microsoft, that's *your* issue. That

has nothing what-so-ever to do with the kernel I maintain. It's

trivial for you guys to have a signing machine that parses the PE

binary, verifies the signatures, and signs the resulting keys with

your own key. You already wrote the code, for chissake, it's in that

f*cking pull request.



Why should *I* care? Why should the kernel care about some idiotic "we

only sign PE binaries" stupidity? We support X.509, which is the

standard for signing.



Do this in user land on a trusted machine. There is zero excuse for

doing it in the kernel.



Linus





