On Thu, 2021-12-16 at 17:27 -0500, Ben Cotton wrote:
== Scope ==
- Proposal owners:
** Maintain the following patch sets for the Linux kernel, and possibly have them accepted in the upstream kernel: *** [//lore.kernel.org/linux-integrity/20210409114313.4073-1-roberto.sassu@huawei.com/ IMA execution policies] *** [//lore.kernel.org/linux-integrity/20210914163401.864635-1-roberto.sassu@huawei.com/ DIGLIM basic features] *** [//lore.kernel.org/linux-integrity/20210915163145.1046505-1-roberto.sassu@huawei.com/ DIGLIM advanced features] *** [//lore.kernel.org/linux-integrity/20210930115533.878169-1-roberto.sassu@huawei.com/ DIGLIM integration with IMA] *** [//lore.kernel.org/linux-integrity/20181112102423.30415-1-roberto.sassu@huawei.com/ PGP keys and signatures]
For me this seems like kind of a non-starter unless these are merged upstream. I do not think it makes sense for Fedora to carry these patches downstream long-term. If this is a good implementation of a good feature, it should be merged upstream. If it isn't, we shouldn't carry it downstream.