From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: [RFC] Second attempt at kernel secure boot support
Date: Thu, 1 Nov 2012 21:58:17 +0000
Message-ID: <20121101215817.79e50ec2@pyramind.ukuu.org.uk>
References: <CACLa4puzLR2om6SHw3wVnfZ1nezVsKOp8+705AdHZ4_=JamYfw@mail.gmail.com>
	<1351780935.2391.58.camel@dabdike.int.hansenpartnership.com>
	<CACLa4pvh3v3Mhq8oe3dzRL8ytBgmitPkCGUSfVCR5WdQopjRMQ@mail.gmail.com>
	<1351783096.2391.77.camel@dabdike.int.hansenpartnership.com>
	<CACLa4pu0yoB6CQX=3nuAT2vz4=oTNfM9fjMUvFXKJovYu+y4fw@mail.gmail.com>
	<1351803800.2391.96.camel@dabdike.int.hansenpartnership.com>
	<20121101210634.GA19723@srcf.ucam.org>
	<20121101213127.5967327f@pyramind.ukuu.org.uk>
	<20121101212843.GA20309@srcf.ucam.org>
	<20121101213751.377ebaa8@pyramind.ukuu.org.uk>
	<20121101213452.GA20564@srcf.ucam.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <20121101213452.GA20564@srcf.ucam.org>
Sender: linux-security-module-owner@vger.kernel.org
To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>, Eric Paris <eparis@parisplace.org>, Jiri Kosina <jkosina@suse.cz>, Oliver Neukum <oneukum@suse.de>, Chris Friesen <chris.friesen@genband.com>, Josh Boyer <jwboyer@gmail.com>, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org
List-Id: linux-efi@vger.kernel.org

On Thu, 1 Nov 2012 21:34:52 +0000
Matthew Garrett <mjg59@srcf.ucam.org> wrote:

> On Thu, Nov 01, 2012 at 09:37:51PM +0000, Alan Cox wrote:
> > On Thu, 1 Nov 2012 21:28:43 +0000
> > Matthew Garrett <mjg59@srcf.ucam.org> wrote:
> > > Lawyers won't remove blacklist entries.
> > 
> > Fear Uncertainty and Doubt
> > 
> > Courts do, injunctions do, the possibilty of getting caught with theirs
> > hands in the till does.
> 
> I think you've misunderstood. Blacklist updates are append only.

I think you've misunderstood - thats a technical detail that merely
alters the cost to the people who did something improper.

If Red Hat want to ship a kernel that is very very locked down - fine.
It's a business choice and maybe it'll sell to someone. The
implementation is non-offensive in its mechanism for everyone else so
technically I don't care, but the 'quiver before our new masters and lick
their boots' stuff isn't a technical (or sane business) approach so can
we cut the trying to FUD other people into doing what you believe your
new master requires.

Alan