Feeds

Linus Torvalds in NSFW Red Hat rant

X.509 dispute turns XXX as Torvalds says Red Hat wants kinky fun with Redmond

The Power of One Infographic

Linux overlord Linus Torvalds has again vented his spleen online, taking on Red Hat employee David Howells with a series of expletive-laden posts on the topic of X.509 public key management standard.

The action takes place on the Linux Kernel Mailing List, with Howell posting a request that Torvalds “pull this patchset please”.

Howells wants the code accepted into the kernel so Red Hat can ”embed an X.509 certificate containing the key in a section called '.keylist' in an EFI PE binary and then get the binary signed by Microsoft.” This arrangement, he suggests, is more elegant than the way the Linux kernel signs certificates today.

Torvalds' initial response is “not without a lot more discussion first”, because “quite frankly, this is f*cking moronic. The whole thing seems to be designed around stupid interfaces, for completely moronic reasons. Why should we do this?”

The Reg has quoted Torvalds' posts verbatim: he inserted his own asterisks into the message.

As the conversation unfolds Torvalds points out that the discussion is not a fellatio contest, suggests that “If Red Hat wants to deep-throat Microsoft, that's *your* issue” and lambasting Red Hat for even suggesting key management be done in the kernel.

Torvalds later advances this argument as to why what Red Hat wants is not a good idea:

“Quite frankly, I doubt that anybody will ever care, plus getting me to care about some vendor that ships external binary-only modules is going to be hard as hell.

Plus quite frankly, signing random kernel vendor modules (indirectly) with a MS key is f*cking stupid to begin with.

In other words, I really don't see why we should bend over backwards, when there really is no reason to. It's adding stupid code to the kernel only to encourage stupidities in other people.

Seriously, if somebody wants to make a binary module for Fedora 18 or whatever, they should go to Red Hat and ask whether RH is willing to sign their key. And the whole "no, we only think it makes sense to trust MS keys" argument is so f*cking stupid that if somebody really brings that up, I can only throw my hands up and say "whatever".

In other words, none of this makes me think that we should do stupid things just to perpetuate the stupidity. And I don't believe in the argument to begin with.”

Opinion in the thread seems to favour Torvalds' point of view and discussion has petered out, so it looks like the Lord of Linux has taken this round. Torvalds has form with shouty rants, having in the last year flipped the bird in NVIDIA's direction and told another Red Hatter to be quiet in a very forceful way. He's also 'fessed up to being unable to control some of his shoutier impulses. ®

Seven Steps to Software Security

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
OpenWRT gets native IPv6 slurping in major refresh
Also faster init and a new packages system
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.