[PATCH v3 00/10] Add CA enforcement keyring restrictions

Mimi Zohar zohar at linux.ibm.com
Fri Dec 23 19:45:02 UTC 2022


On Fri, 2022-12-23 at 18:17 +0000, Eric Snowberg wrote:
> >> Fair enough.  If this will be viewed as justification for adding the additional 
> >> code, I can work on adding it.  Above you mentioned a warning would be needed 
> >> at a minimum and a restriction could be placed behind a Kconfig.  How about for 
> >> the default case I add the warning and when compiling with 
> >> INTEGRITY_CA_MACHINE_KEYRING the restriction will be enforced.
> > 
> > Sounds good to me.  To avoid misunderstandings, will there be a Kconfig
> > menu with 3 options?  
> 
> I will add the three options in the next round.
> 
> > There were a couple of other comments having to
> > do with variable names.  Will you address them as well?
> 
> And take care of the variable name changes.  I won’t get back to this until January.

Enjoy your vacation and the holidays.  Looking forward to the next
version.

-- 
thanks,

Mimi


