From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751399AbdIKWa5 (ORCPT ); Mon, 11 Sep 2017 18:30:57 -0400 Received: from mail-lf0-f66.google.com ([209.85.215.66]:37042 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750936AbdIKWaz (ORCPT ); Mon, 11 Sep 2017 18:30:55 -0400 X-Google-Smtp-Source: AOwi7QAAvJhcwe7aTnlmdDO7XK0QtWHuSbbz3Vsdqgtnn6fHiO8QYmksebKzFhg6XGdthvfvtthPHTET4lbOyeUat6A= MIME-Version: 1.0 X-Originating-IP: [12.145.98.253] In-Reply-To: References: <20170908070943.GA26549@infradead.org> From: Paul Moore Date: Mon, 11 Sep 2017 18:30:53 -0400 Message-ID: Subject: Re: [GIT PULL] Security subsystem updates for 4.14 To: James Morris , Linus Torvalds Cc: LSM List , Christoph Hellwig , Linux Kernel Mailing List , Mimi Zohar Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Sep 10, 2017 at 12:32 AM, James Morris wrote: > On Fri, 8 Sep 2017, Paul Moore wrote: > >> > This is also why I tend to prefer getting multiple branches for >> > independent things. > > [...] > >> >> Is it time to start sending pull request for each LSM and thing under >> security/ directly? I'm not sure I have a strong preference either >> way, I just don't want to see the SELinux changes ignored during the >> merge window. > > They won't be ignored, we just need to get this issue resolved now and > figure out how to implement multiple branches in the security tree. Once again, I don't really care too much either way. My only selfish motivation is to make it as frictionless as possible to get the SELinux tree merged into Linus' tree. > Looking at other git repos, the x86 folk have multiple branches. I don't really understand what advantage one repo with multiple branches has over multiple repos, e.g. Linus' just pulling from the individual LSM trees directly. I suppose one could make an argument about linux-next, but I know they prefer to pull from the individual repos directly (they pull selinux/next directly). Is it to help reduce the load on Linus? >>From my perspective, the linux-security tree only introduces another opportunity for things to go wrong during the merge window (as evidenced by this latest snafu). Help me understand why a single tree with multiple branches is beneficial to multiple trees? Also, to be clear, I'm not picking on IMA or Mimi; this could have easily been SELinux screwing things up for IMA (or Smack, or AppArmor, etc.). > One option for me would be to publish the trees I pull from as branches > along side mine, with 'next' being a merge of all of directly applied > patchsets and those ready for Linus to pull as one. > > So, branches in > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security > > might be: > > next-selinux (Paul's next branch) > next-apparmor-next (JJ's next branch) > next-integrity-next (Mimi's) > next-tpm-next (Jarkko's) > [etc.] > > next (merge all of the above to here) > > That way, we have a coherent 'next' branch for people to develop against > and to push to Linus, but he can pull individual branches feeding into it > if something is broken in one of them. > > Does that sound useful? -- paul moore www.paul-moore.com