On Wed, Sep 26, 2012 at 5:46 AM, Rusty Russell <ru...@rustcorp.com.au> wrote: > You previously wrote: >> You can't compare them that easily. One has a FIPS-mode panic and the other >> doesn't. Do we want to panic if we reject an unsigned module in enforcing >> mode when we're in FIPS mode? > > It's a line ball, but I think consistency wins. Not a validly signed > module => panic.
Just wondering, what's the advantage of doing panic over just rejecting the module? Panic is a DoS? Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html