[PATCH] integrity: powerpc: Do not select CA_MACHINE_KEYRING

Jarkko Sakkinen jarkko at kernel.org
Tue Sep 12 17:03:26 UTC 2023


On Tue Sep 12, 2023 at 6:39 AM EEST, Nayna wrote:
>
> On 9/7/23 13:32, Michal Suchánek wrote:
> > Adding more CC's from the original patch, looks like get_maintainers is
> > not that great for this file.
> >
> > On Thu, Sep 07, 2023 at 06:52:19PM +0200, Michal Suchanek wrote:
> >> No other platform needs CA_MACHINE_KEYRING, either.
> >>
> >> This is policy that should be decided by the administrator, not Kconfig
> >> dependencies.
>
> We certainly agree that flexibility is important. However, in this case, 
> this also implies that we are expecting system admins to be security 
> experts. As per our understanding, CA based infrastructure(PKI) is the 
> standard to be followed and not the policy decision. And we can only 
> speak for Power.

In the end this is dictating policy for no compelling reason, and
that is the bottom line here, not playing a mind game what type of
expertise a sysadmin might or might not have.

BR, Jarkko



More information about the Linux-security-module-archive mailing list