| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101025131829.GD2162@ucw.cz> Date: Mon, 25 Oct 2010 15:18:30 +0200 From: Pavel Machek <pavel@....cz> To: James Morris <jmorris@...ei.org> Cc: Christoph Hellwig <hch@...radead.org>, Ingo Molnar <mingo@...e.hu>, Kyle McMartin <kyle@...artin.ca>, kernel@...ts.fedoraproject.org, Mimi Zohar <zohar@...ibm.com>, warthog9@...nel.org, Dave Chinner <david@...morbit.com>, linux-kernel@...r.kernel.org, "H. Peter Anvin" <hpa@...or.com>, Serge Hallyn <serue@...ibm.com>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: ima: use of radix tree cache indexing == massive waste of memory? Hi! > > Especially as our merge requirements for security/ are a lot lower than > > for the rest of the kernel given that James is very afraid of getting > > whacked by Linux for not mering things. > > I think historically you'll see that I'm not afraid of getting whacked by > Linus. > > A procedure for merging security features has been adopted by consensus, > based on suggestions from Arjan, with the aim of preventing the literally > endless arguments which arise from security feature discussions. It's > sometimes referred to as the Arjan protocol, essentially: > > If the feature correctly implements a well-defined security goal, meets > user needs without incurring unreasonable overheads, passes technical > review, and is supported by competent developers, then it is likely to > be merged. > > If you disagree with a specific feature, you need to step up while it's > being reviewed and make a case against it according to the above > criteria. Well, I'm arguing that the criteria are wrong. Duplicated crap is creeping in (TOMOYO vs. AppArmor), and strange stuff that has no legitimate use is in (IMA -- what is it good for? locking machines down, iPhone style). > If you disagree with the protocol, then you need to come up with a better > one, and probably implement it yourself, to the satisfaction of all > parties. I do disagree, and I do not think 'satistfaction of all parties' is reasonable goal. Rest of kernel has different rules, and IMO they are better. -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists