On Tue, 23 Jan 2018, Jiri Kosina wrote: > So that vermagic patch doesn't really help anything in real world (FWIW > I've just dropped it from SLE kernel). "Potentially insecure" doesn't mean > it shouldn't be loaded if the user wishes so. Only "functionally > incorrect" (which is the kernel ABI compatibility check) should be the > show stopper.
... one of the supporting arguments here obviously is: those external modules are quite often opening so many *other* holes into the system, that refusing to load it *just* because of kernel being retpolined while the module is not sounds more like not lettting a drunk and armed terrorist drive a plane, with the justification being the lack of a proper stamped license. -- Jiri Kosina SUSE Labs
