--- Stephen Smalley <[EMAIL PROTECTED]> wrote:

> On Wed, 2007-07-11 at 10:30 -0700, Casey Schaufler wrote:
> > --- Stephen Smalley <[EMAIL PROTECTED]> wrote:
> >
> > > On Wed, 2007-07-11 at 08:54 +0900, Kazuki Omo(Company) wrote:
> > > > Dear, Sir,
> > > >
> > > > Sorry for my poorly English. I've just wanted to make sure the process
> > > > how can we put other security model to mainline.
> > > > I guess the steps are
> > > >
> > > > 1. put patch to lsm-ml/lkm-ml and related ml.
> > > > 2. debate(I guess AppArmor is now on this stage)
> > > > 3. .....I don't know
> > > >
> > > > From last year, I saw some of patches were put to lsm-ml(stage1),
> > > > and there were so many debate(stage2). But just debate... and
> > > > not included to mainline. I want to know what do they need to
> > > > put new-model to stage3.
> > >
> > > In the discussion of the bsdjail security module back in 2004, Andrew
> > > Morton indicated that acceptance of any new code into mainline requires
> > > that it have a real user base:
> > > http://marc.info/?l=linux-kernel&m=109717928411882&w=2
> >
> > Stephen, you have got to keep up with your email. I didn't
> > think you were that far behind!
> >
> > Andrew's more current position, from Tue, 26 Jun 2007 19:47:00:
> >
> > "Sigh. Please don't put us in this position again. Get stuff upstream
> > before shipping it to customers, OK? It ain't rocket science."
>
> Hi Casey,
>
> As I understood it, sufficiently large user demand / vendor pull is
> required (but not sufficient) for mainline inclusion. That doesn't mean
> that a major distro has to ship it before it hits mainline (which is
> what Andrew complained about above); it usually seems to mean that a
> major distro has identified the functionality as being important to
> their users and wants it upstreamed so that they can ship it. So
> random-security-modules-of-the-day with no broad user demand / vendor
> pull don't seem likely to go into mainline. Any more than a
> random-filesystem-of-the-day would.

These are all good points. I encourage the presentation and proposal
of new LSMs regardless of their current corporate (or government)
backing. Just because no one had you do it on payroll doesn't mean
it isn't an idea with merit. A distribution vendor may see the work
and decide to run with it.

I also think that breadth of demand is overrated in the 21st century
dedicated compute device world. Take a look at the list of processors
that have gone upstream and you'll see quite a few that have very
narrow market niches. I don't expect anyone to have an S390 laptop
any time soon.

> Of course, mind you, it isn't my decision to make.

Mine either. Nuts.

Casey Schaufler
[EMAIL PROTECTED]
