[OpenAFS] OpenAFS & Linux kernel 2.6: please have a trackable bug report / task ?
Lester Barrows
barrows@email.arc.nasa.gov
Wed, 18 Feb 2004 16:32:24 -0800
> Not really. The requirement is "users don't need to build kernels". If
> vendors ship kernels with this, fine. If they turn it off, the problem is
> still 0% solved.
That's true, but I'd have to believe that a vendor such as Redhat will include
the option to secure their distribution to the best of their ability. This
would be particularly true with an enterprise OS vendor as their customers
will demand it. At the very least they are likely to include a "secure"
kernel alongside their standard builds, much as they do with e.g. bigmem
kernels. I believe there have been people from RH following this list, is
anyone around who could confirm/deny this?
Beyond that, it seems that it would be easier to request a distribution which
didn't already include it to add a secure kernel, built with slightly
different options, rather than asking them to apply a patch which isn't part
of the base kernel. If making OpenAFS can be made to work at great effort
without touching the security module that's good, but if the wheel already
exists, is simpler to implement for and technically sound as well it seems a
waste not to use it.
Regards,
Lester Barrows
Asani Solutions, LLC
Code IC Systems Group
NASA Ames Research Center
"Jura rapelcgvba vf bhgynjrq, bayl bhgynjf jvyy unir cevinpl."