We need to do a better job of merging policy into Refpolicy

[Daniel J Walsh <dwalsh@redhat.com>]

Chris has done a brilliant job up to this point but I see my differences
between the upstream growing astronomically.  This is causing other
distributions to not be able to take advantage of SELinux use in Fedora
and  similarly it is getting harder for me to merge in upstream changes.

Currently the patch that I am applying to Refpolicy is huge

# wc policy-20080509.patch
38260   95488 1171253 policy-20080509.patch

And I don't see how we can get this merged without huge amounts of
effort by me or Chris and neither of us have the time.

I think we need a way for third parties to come in an peruse the diffs
and apply the no brainer changes to policy.

We need the ability for a couple of acks to get minor changes in,
without Chris having to look at each change.

Most of my changes to policy come about via bugzilla's so I fix a
problem reported by an AVC and update policy.   I have come up with a
system of hundreds/thousands of small changes, but it does not make
merging upstream easy.

I also have made some grand sweeping changes in the same pool that Chris
does not currently agree with or is moving in a slightly different
direction (Roles Based Home Dirs)

So I guess I am saying help.

Can we setup a system of policy Triages, which can look at the policy
patches and apply small obvious changes?

Dan

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.