Linus Torvalds in NSFW Red Hat rant
X.509 dispute turns XXX as Torvalds says Red Hat wants kinky fun with Redmond
Ensure Ease of Recovery with Asigra’s Agentless Software
Linux overlord Linus Torvalds has again vented his spleen online, taking on Red Hat employee David Howells with a series of expletive-laden posts on the topic of X.509 public key management standard.
The action takes place on the Linux Kernel Mailing List, with Howell posting a request that Torvalds “pull this patchset please”.
Howells wants the code accepted into the kernel so Red Hat can ”embed an X.509 certificate containing the key in a section called '.keylist' in an EFI PE binary and then get the binary signed by Microsoft.” This arrangement, he suggests, is more elegant than the way the Linux kernel signs certificates today.
Torvalds' initial response is “not without a lot more discussion first”, because “quite frankly, this is f*cking moronic. The whole thing seems to be designed around stupid interfaces, for completely moronic reasons. Why should we do this?”
The Reg has quoted Torvalds' posts verbatim: he inserted his own asterisks into the message.
As the conversation unfolds Torvalds points out that the discussion is not a fellatio contest, suggests that “If Red Hat wants to deep-throat Microsoft, that's *your* issue” and lambasting Red Hat for even suggesting key management be done in the kernel.
Torvalds later advances this argument as to why what Red Hat wants is not a good idea:
“Quite frankly, I doubt that anybody will ever care, plus getting me to care about some vendor that ships external binary-only modules is going to be hard as hell.
Plus quite frankly, signing random kernel vendor modules (indirectly) with a MS key is f*cking stupid to begin with.
In other words, I really don't see why we should bend over backwards, when there really is no reason to. It's adding stupid code to the kernel only to encourage stupidities in other people.
Seriously, if somebody wants to make a binary module for Fedora 18 or whatever, they should go to Red Hat and ask whether RH is willing to sign their key. And the whole "no, we only think it makes sense to trust MS keys" argument is so f*cking stupid that if somebody really brings that up, I can only throw my hands up and say "whatever".
In other words, none of this makes me think that we should do stupid things just to perpetuate the stupidity. And I don't believe in the argument to begin with.”
Opinion in the thread seems to favour Torvalds' point of view and discussion has petered out, so it looks like the Lord of Linux has taken this round. Torvalds has form with shouty rants, having in the last year flipped the bird in NVIDIA's direction and told another Red Hatter to be quiet in a very forceful way. He's also 'fessed up to being unable to control some of his shoutier impulses. ®
COMMENTS
Quite frankly.....
Linus Torvalds is quality! The coding world needs more highly opinionated lead programmers like this.
He's on the money with this rant, as he usually is.
Tux, naturally.
Let's merge two EL Reg topics
1) MS Azure goes down worldwide because Microsoft didn't renew a Key.
2) MS wants PCs to check that bootloader code is signed with what is basically an MS Key.
Scenario: MS forgets to renew their bootloader Key. ^_^
Re: Quite frankly.....
Absolutely. This shit is the epitome of the rot that's infected the IT industry for the last few decades. Malignant mega-corporations trying to achieve global domination by fucking up the competition with wilfully incompetent "standards". It's infected EVERYTHING... protocols, file formats, interfaces, EVERYWHERE... even supposedly "open" "standards"... OOXML anyone? The WWW? This whole ask Microsoft Inc for permission to boot your machine(s) is clearly madness. Madness by design. No one in the world is able to come up with a secure method to authenticate a boot sequence which doesn't involve begging the Microsoft Corporation for its blessing? Yeah, right... and I'm the fucking pope.
Clearly the politicians are far too stupid/corrupt to do anything about it. Fortunately Torvalds isn't a malignant mega-corporation. He seems to want to just get on with managing his kernel, rather than be diverted into playing stupid power games and subterfuge.
<-- A virtual Carlsberg for probably the best manager in the IT world.
/Homage
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
