[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki)

From: John Ogness
Subject: Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki)
Date: Wed, 20 Feb 2008 21:08:10 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix)

On 2008-02-12, Adam Jerome <address@hidden> wrote:
> I do know that as the patch was being considered, Linus called for
> anyone to refute the patch; and more specifically, he asked all
> projects that were using LSM (that might be considering submission
> of their project upstream at some point) to make them self known.
> From what I saw, no such projects made themselves known.
> [...]
> I feel that this action was hasty; that making LSM a
> static-link-only interface is very short-sited.  It shut the door to
> many up-and-comming security related projects (that were just not
> ready for submission upstream).  This action obviously gives an
> unfair advantage to the SELinux camp.

I feel that the decision was a correct one. The Linux kernel community
does _not_ want a lot of external security modules floating
around. They _want_ people to work _with_ the community to develop
their security modules in mainline.

The fact that LSM was so easy to use allowed a lot of people to
develop modules that may or may not offer real security and definately
were not compatible with one another. This has resulted in a chaos,
which has hurt the end users more than anyone else. LSM probably
should never have been made an "exported" API in the first place.

Dazuko was developed originally as a closed-source solution. After the
source was freed, Dazuko development continued to be developed
completely independent from the Linux kernel. I believe that this was
a mistake and one that needs to be corrected if Dazuko is to have a
future. Dazuko _must_ work to become part of mainline.

The catch is that Dazuko has become quite a large project that has
evolved to be more complex than it need be. Such a large, complex
project has no chance for mainline acceptance. This means that Dazuko
needs to be slowly integrated into mainline (piece by piece) and
making sure each piece is as clean and maintainable as possible.

If other LSM-based projects are serious about being accepted, they
will do the same.

John Ogness

Dazuko Maintainer

reply via email to

[Prev in Thread] Current Thread [Next in Thread]