Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-15 Thread Roberto Sassu
On 9/15/2024 11:31 AM, Herbert Xu wrote: On Sun, Sep 15, 2024 at 05:15:25PM +0800, Herbert Xu wrote: Roberto, correct me if I'm wrong but your intended use case is the following patch series, right? Actually the meat of the changes is in the following series: https://lore.kernel.org/linux-in

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-15 Thread Roberto Sassu
On 9/15/2024 9:11 AM, Linus Torvalds wrote: On Fri, 13 Sept 2024 at 10:30, Roberto Sassu [...] The objections I had were against the whole "start doing policy in kernel", with what sounded like actually parsing and unpacking rpm contents and verifying them with a pgp key. *That* still sounds

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-15 Thread Herbert Xu
On Sun, Sep 15, 2024 at 05:15:25PM +0800, Herbert Xu wrote:
>
> Roberto, correct me if I'm wrong but your intended use case is
> the following patch series, right?

Actually the meat of the changes is in the following series: https://lore.kernel.org/linux-integrity/20240905150543.3766895-1-roberto

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-15 Thread Herbert Xu
On Sun, Sep 15, 2024 at 10:40:15AM +0200, Linus Torvalds wrote:
>
> So I haven't actually seen _that_ series, but as mentioned it does
> smell pretty conceptually broken to me.
>
> But hey, code talks, bullshit walks. People can most certainly try to
> convince me.

Roberto, correct me if I'm wro

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-15 Thread Linus Torvalds
On Sun, 15 Sept 2024 at 10:08, Herbert Xu wrote:
>
> If the aforementioned EFI use-case is bogus, then distro package
> verification is going to be the only application for PGP keys in
> the kernel.

So I haven't actually seen _that_ series, but as mentioned it does smell pretty conceptually broken

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-15 Thread Herbert Xu
On Sun, Sep 15, 2024 at 09:11:04AM +0200, Linus Torvalds wrote:
>
> So honestly, just the series adding pgp key verification I have no
> objection to. The use case where some firmware uses pgp to validate
> allowed keys in EFI variables etc sounds like a "ok, then we need to
> parse them".

The use

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-15 Thread Linus Torvalds
On Fri, 13 Sept 2024 at 10:30, Roberto Sassu wrote:
>
> On Fri, 2024-09-13 at 12:45 +0800, Herbert Xu wrote:
> >
> > Does this address Linus's objections? If not then we cannot proceed.
>
> I hope to get an answer from him.

So honestly, just the series adding pgp key verification I have no object