Mihai-Drosi Câju <[email protected]> wrote: > > The current signature-based module integrity checking has some drawbacks > in combination with reproducible builds. Either the module signing key > is generated at build time, which makes the build unreproducible, or a > static signing key is used, which precludes rebuilds by third parties > and makes the whole build and packaging process much more complicated.
There is another issue too: If you have a static private key that you use to sign modules (and probably other things), someone will likely give you a GPL request to get it. One advantage of using a transient key every build and deleting it after is that no one has the key. One other thing to remember: security is *meant* to get in the way. That's the whole point of it. However, IANAL. David
