Re: [RFC PATCH 02/20] KEYS: Add a system blacklist keyring [ver #2]
From: David Howells
Date: Mon Feb 08 2016 - 09:55:56 EST
Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> By separating out the blacklist keyring from the issue of trust, you'll have
> smaller patch sets that can more easily be reviewed. (Reviewing anything
> having to do with certificates is difficult enough.) It would also allow
> you to upstream the two patch sets independently of each other.
Unfortunately, there's a dependency between the subsets you're talking about
in the form of the restriction function passed to keyring_alloc() - an
argument that's only made available in the other subset, so they cannot be
completely independent.
That said, the trust changes don't require the blacklist changes.
David