Mimi Zohar <[email protected]> wrote: > By separating out the blacklist keyring from the issue of trust, you'll have > smaller patch sets that can more easily be reviewed. (Reviewing anything > having to do with certificates is difficult enough.) It would also allow > you to upstream the two patch sets independently of each other.
Unfortunately, there's a dependency between the subsets you're talking about in the form of the restriction function passed to keyring_alloc() - an argument that's only made available in the other subset, so they cannot be completely independent. That said, the trust changes don't require the blacklist changes. David
