Feeds

Linus Torvalds in NSFW Red Hat rant

X.509 dispute turns XXX as Torvalds says Red Hat wants kinky fun with Redmond

Mobile application security vulnerability report

Linux overlord Linus Torvalds has again vented his spleen online, taking on Red Hat employee David Howells with a series of expletive-laden posts on the topic of X.509 public key management standard.

The action takes place on the Linux Kernel Mailing List, with Howell posting a request that Torvalds “pull this patchset please”.

Howells wants the code accepted into the kernel so Red Hat can ”embed an X.509 certificate containing the key in a section called '.keylist' in an EFI PE binary and then get the binary signed by Microsoft.” This arrangement, he suggests, is more elegant than the way the Linux kernel signs certificates today.

Torvalds' initial response is “not without a lot more discussion first”, because “quite frankly, this is f*cking moronic. The whole thing seems to be designed around stupid interfaces, for completely moronic reasons. Why should we do this?”

The Reg has quoted Torvalds' posts verbatim: he inserted his own asterisks into the message.

As the conversation unfolds Torvalds points out that the discussion is not a fellatio contest, suggests that “If Red Hat wants to deep-throat Microsoft, that's *your* issue” and lambasting Red Hat for even suggesting key management be done in the kernel.

Torvalds later advances this argument as to why what Red Hat wants is not a good idea:

“Quite frankly, I doubt that anybody will ever care, plus getting me to care about some vendor that ships external binary-only modules is going to be hard as hell.

Plus quite frankly, signing random kernel vendor modules (indirectly) with a MS key is f*cking stupid to begin with.

In other words, I really don't see why we should bend over backwards, when there really is no reason to. It's adding stupid code to the kernel only to encourage stupidities in other people.

Seriously, if somebody wants to make a binary module for Fedora 18 or whatever, they should go to Red Hat and ask whether RH is willing to sign their key. And the whole "no, we only think it makes sense to trust MS keys" argument is so f*cking stupid that if somebody really brings that up, I can only throw my hands up and say "whatever".

In other words, none of this makes me think that we should do stupid things just to perpetuate the stupidity. And I don't believe in the argument to begin with.”

Opinion in the thread seems to favour Torvalds' point of view and discussion has petered out, so it looks like the Lord of Linux has taken this round. Torvalds has form with shouty rants, having in the last year flipped the bird in NVIDIA's direction and told another Red Hatter to be quiet in a very forceful way. He's also 'fessed up to being unable to control some of his shoutier impulses. ®

The Essential Guide to IT Transformation

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.