> Especially as our merge requirements for security/ are a lot
> for the rest of the kernel given that James is very afraid of getting
> whacked by Linux for not mering things.
I think historically you'll see that I'm not afraid of getting whacked by
A procedure for merging security features has been adopted by consensus,
based on suggestions from Arjan, with the aim of preventing the literally
endless arguments which arise from security feature discussions. It's
sometimes referred to as the Arjan protocol, essentially:
If the feature correctly implements a well-defined security goal, meets
user needs without incurring unreasonable overheads, passes technical
review, and is supported by competent developers, then it is likely to
If you disagree with a specific feature, you need to step up while it's
being reviewed and make a case against it according to the above
Well, I'm arguing that the criteria are wrong. Duplicated crap is
creeping in (TOMOYO vs. AppArmor), and strange stuff that has no
legitimate use is in (IMA -- what is it good for? locking machines
down, iPhone style).
If you disagree with the protocol, then you need to come up with a
one, and probably implement it yourself, to the satisfaction of all
I do disagree, and I do not think 'satistfaction of all parties' is
reasonable goal. Rest of kernel has different rules, and IMO they are better.
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html