Titus, these are just some nit-picking thoughts.

On Mon, Jun 04, 2001 at 01:37:14PM -0700, Titus D. Winters wrote:
> But if something substandard that is going to have to be extended
> again is _can't_ demonstrate a need for security needs to watch the
> news from time to time), and show that it isn't harmful, it should not
> be impossible to accomplish.

Consider though, that security is orthogonal to the security module work we are conducting here. For months (years?), people have created good security plugins that enhance the security of the standard linux kernel. (Yes, years. I recall one job interview where the interviewer and I spent most of our time talking about an ACL system he added to the 0.9x kernel series years ago.)

Our job here is to make a modular system that frees kernel security enhancement authors from tracking the kernel's minute version changes. That, and make a fashion for plugging enhanced security modules into system default kernels, to tailor the security policy to each individual site.

> If it just takes a knockdown drag out flamewar on the main kernel dev
> list, then that's what it takes, but we need to put out the best
> version of this that we can.

I fear that if a flamewar is started, this project will stop there. Frankly, the whole thing is much easier than that. We need to convince Linus, Alan, and others interested in the whole deal that what we have done is worthwhile. If they agree, they put it in the kernel. No flamewar required. [1]

Especially when one considers the wide announcement of this list. Interested parties have had plenty of opportunities to join this list with their comments and suggestions for new directions. (The list announcement made it to slashdot for crying out loud. :)

Reasoned arguments always work better than flamewars. :)

> I think we need to worry about the technical obstacles (developing the
> durned thing) more than let our theoretical concerns about political
> issues govern our contribution.

I don't think we should discount either. Political concerns are a reality. Any conservative kernel developer is more likely to accept (emotionally, at least) smaller changes than larger changes. I would guess most would be amenable to far-ranging changes if it is clear that the far-ranging changes *look* and *feel* right, and we are convincing when we claim that we have studied the 'correctness' of the proposed change.

[1]: The kernel they will put it into will be labelled 2.5 anyway; I don't think we will have a difficult time with the "add-on" sale that jmjones was mentioning in the 2.5 series, though I think we would have immense trouble in a 2.4 or 2.6 series. :)

This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 14:22:36 PDT