On Mon, 2013-09-09 at 13:15 -0700, David Lang wrote:
> On Mon, 9 Sep 2013, Matthew Garrett wrote:
>
> > On Mon, 2013-09-09 at 12:59 -0700, David Lang wrote:
> >
> >> At least you should be able to unify the implementation, even if you don't unify
> >> the user visible knob
> >
> > Well sure, I could take this integer and merge another integer into it,
> > but now you have the same value being modified by two different
> > user-visible interfaces which aren't guaranteed to have the same
> > semantics.
>
> It's not that you merge integers, it's that the knob that currently sets the
> signed module only loading but not anything else would have it's implementation
> changed so that instead of doing whatever it currently does, it would instead
> make an internal call to set the "require signed modules" bit, and that one
> place would implement the lockdown.
Thanks.
--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
��.n��������+%�������w��{.n�����{����*�jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
