An opinion about Linux security

[Paul Moore]

On Fri, Dec 12, 2025 at 12:37 PM Stephen Smalley
<stephen.smalley.work at gmail.com> wrote:
> On Fri, Dec 12, 2025 at 12:22 PM Timur Chernykh <tim.cherry.co at gmail.com> wrote:
> >
> > > While Timur was
> > > added to the conversation by someone, I don't see any mail from him in
> > > that thread.
> >
> > I probably missed this thread.
> >
> > > Beyond that, I'm a bit lost.  As far as I can remember, and both lore
> > > and my own sent mail folder appear to support this, I've never
> > > commented on ESF.  At this point I think Timur may be mistaken
> > > regarding my commenting on ESF, but if I am wrong please provide a
> > > lore link so I can refresh my memory.
> >
> > Sorry for misleading you. My mistake, I should have checked the thread
> > first instead of relying on my memory.
> >
> > > In this post Timur provides links to his ESF project on GitHub, but no
> > > patches.
> >
> > Am I correct in understanding that any proposals and questions I'd
> > like to discuss with the maintainers and the community should start
> > with patches? Even if the goal isn't to implement a change right away,
> > but merely to evaluate the idea.
> >
> > When I proposed the prototype, it seemed excessive to me to prepare
> > patches for something that could be "finished" at the idea stage.
>
> It doesn't seem to require much more effort than creating the
> prototype and publishing it on GitHub. "Write for maximum efficiency
> of reading" includes avoiding the need to follow links to adequately
> evaluate a proposal. Just provide enough code to show what it is you
> want to do and why that can't be done (well) today.

To add to what Stephen already said, if you are serious about
submitting a new LSM upstream, we do have some documented guidance
linked off the "SECURITY SUBSYSTEM" entry in the MAINTAINERS file.  To
save some time/searching, the direct link is below:

https://github.com/LinuxSecurityModule/kernel/blob/main/README.md#new-lsms

-- 
paul-moore.com