* James Morris (jmorris@private) wrote: > On Wed, 25 May 2005, Crispin Cowan wrote: > > > >Note: out of tree kernel code does not count for anything. It's not > > >really part of the Linux kernel. Mainline maintainers don't care about it > > >and should not be expected to. If you want them to care, for people to > > >fix bugs in it for free, and for more people to use it, then submit the > > >module for upstream inclusion. It seems rather strange that you haven't. > > > > > I find this to be a very odd perspective. > > I find it odd that you find it odd :-) > > > I think of LSM as an API. Its purpose is precisely to provide a layer of > > abstraction so that kernel maintainers do *not* have to maintain the > > modules. Linus said *very explicitly* that he did not want to maintain > > security modules, and that was the point of LSM. > > He wanted to avoid deciding on the "correct" access control model: > http://mail.wirex.com/pipermail/linux-security-module/2001-April/0005.html Yes, it's not about maintainership, it's about picking the right access control model. Security researchers can't even agree, and Linus simply wants to push the decision off onto the folks who care about it. > (I would argue that his "truly generic" requirement was fulfilled by > SELinux). Hehe, clearly it wasn't or we wouldn't be where we are now. Recall, LSM came out of rejecting SELinux.
This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 22:43:00 PDT