On Wed, 2007-07-11 at 10:30 -0700, Casey Schaufler wrote: > --- Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > On Wed, 2007-07-11 at 08:54 +0900, Kazuki Omo(Company) wrote: > > > Dear, Sir, > > > > > > Sorry for my poorly English. I've just wanted to make sure the process > > > how can we put other security model to mainline. > > > I guess the steps are > > > > > > 1. put patch to lsm-ml/lkm-ml and related ml. > > > 2. debate(I guess AppArmor is now on this stage) > > > 3. .....I don't know > > > > > > Form last year, I saw some of patches were put to lsm-ml(stage1), > > > and there were so many debate(stage2). But just debate... and > > > not included to mainline. I want to know what do they need to > > > put new-model to stage3. > > > > In the discussion of the bsdjail security module back in 2004, Andrew > > Morton indicated that acceptance of any new code into mainline requires > > that it have a real user base: > > http://marc.info/?l=linux-kernel&m=109717928411882&w=2 > > Stephen, you have got to keep up with your email. I didn't > think you were that far behind! > > Andrew's more current position, from Tue, 26 Jun 2007 19:47:00: > > "Sigh. Please don't put us in this position again. Get stuff upstream > before shipping it to customers, OK? It ain't rocket science."
Hi Casey, As I understood it, sufficiently large user demand / vendor pull is required (but not sufficient) for mainline inclusion. That doesn't mean that a major distro has to ship it before it hits mainline (which is what Andrew complained about above); it usually seems to mean that a major distro has identified the functionality as being important to their users and wants it upstreamed so that they can ship it. So random-security-modules-of-the-day with no broad user demand / vendor pull don't seem likely to go into mainline. Any more than a random-filesystem-of-the-day would. Of course, mind you, it isn't my decision to make. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
