Re: [RFC PATCH 02/20] KEYS: Add a system blacklist keyring [ver #2]

From: David Howells
Date: Mon Feb 08 2016 - 09:55:56 EST

Next message: Marc Zyngier: "Re: [PATCH 2/6] Documentation: bindings: document the Alpine MSIX driver"
Previous message: Miroslav Benes: "Re: [RFC PATCH v4 0/6] (mostly) Arch-independent livepatch"
In reply to: Mimi Zohar: "Re: How to add additional blacklist entries?"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 02/20] KEYS: Add a system blacklist keyring [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> By separating out the blacklist keyring from the issue of trust, you'll have
> smaller patch sets that can more easily be reviewed. (Reviewing anything
> having to do with certificates is difficult enough.) It would also allow
> you to upstream the two patch sets independently of each other.

Unfortunately, there's a dependency between the subsets you're talking about
in the form of the restriction function passed to keyring_alloc() - an
argument that's only made available in the other subset, so they cannot be
completely independent.

That said, the trust changes don't require the blacklist changes.

David

Next message: Marc Zyngier: "Re: [PATCH 2/6] Documentation: bindings: document the Alpine MSIX driver"
Previous message: Miroslav Benes: "Re: [RFC PATCH v4 0/6] (mostly) Arch-independent livepatch"
In reply to: Mimi Zohar: "Re: How to add additional blacklist entries?"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 02/20] KEYS: Add a system blacklist keyring [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]