Re: [NET]: Mark Paul Moore as maintainer of labelled networking.

Re: [NET]: Mark Paul Moore as maintainer of labelled networking.

[Joe Perches]

On Tue, 2007-08-28 at 00:01 +0000, Linux Kernel Mailing List wrote:
> +NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK)
> +P:	Paul Moore
> +M:	paul.moore@hp.com
> +L:	netdev@vger.kernel.org
> +S:	Maintained
> +

Aren't there now 2 subsystems in MAINTAINERS for the same thing?

NETLABEL
P:	Paul Moore
M:	paul.moore@hp.com
W:	http://netlabel.sf.net
L:	netdev@vger.kernel.org
S:	Supported

Re: [NET]: Mark Paul Moore as maintainer of labelled networking.

[Paul Moore]

On Tuesday, August 28 2007 2:46:19 am Joe Perches wrote:
> On Tue, 2007-08-28 at 00:01 +0000, Linux Kernel Mailing List wrote:
> > +NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK)
> > +P:	Paul Moore
> > +M:	paul.moore@hp.com
> > +L:	netdev@vger.kernel.org
> > +S:	Maintained
> > +
>
> Aren't there now 2 subsystems in MAINTAINERS for the same thing?
>
> NETLABEL
> P:	Paul Moore
> M:	paul.moore@hp.com
> W:	http://netlabel.sf.net
> L:	netdev@vger.kernel.org
> S:	Supported

Yes and no.  Labeled networking consists of several different subsystems
because the term "labeled networking" can often mean several different
things.  I'll spare everyone the gory details, but if you are interested in
more information check out the SELinux mailing list archives from the past
month; there has been a lot of discussion about the different types of
labeled networking and the requirements/goals of each.

NetLabel is just one subsystem that provides labeled networking
functionality (CIPSO is provided through the NetLabel subsystem), Labeled
IPsec and SECMARK also provide labeled networking functionality.  Originally
I wrote/supported/maintained just NetLabel but over the past weekend James
Morris asked me to look after all of the different labeled networking
subsystems ... for better or worse I agreed :)

If having both a labeled networking and NetLabel maintainer entry is a
problem then how about the patch below?

Index: linux-2.6_maintainers/MAINTAINERS
===================================================================
--- linux-2.6_maintainers.orig/MAINTAINERS
+++ linux-2.6_maintainers/MAINTAINERS
@@ -2609,13 +2609,6 @@ W:	http://www.netfilter.org/
 W:	http://www.iptables.org/
 S:	Supported
 
-NETLABEL
-P:	Paul Moore
-M:	paul.moore@hp.com
-W:	http://netlabel.sf.net
-L:	netdev@vger.kernel.org
-S:	Supported
-
 NETROM NETWORK LAYER
 P:	Ralf Baechle
 M:	ralf@linux-mips.org
@@ -2661,9 +2654,10 @@ L:	netdev@vger.kernel.org
 T:	git kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6.git
 S:	Maintained
 
-NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK)
+NETWORKING [LABELED] (NetLabel/CIPSO, Labeled IPsec, SECMARK)
 P:	Paul Moore
 M:	paul.moore@hp.com
+W:	http://netlabel.sf.net (NetLabel/CIPSO)
 L:	netdev@vger.kernel.org
 S:	Maintained

-- 
paul moore
linux security @ hp

Re: [NET]: Mark Paul Moore as maintainer of labelled networking.

[Joe Perches]

On Tue, 2007-08-28 at 08:46 -0400, Paul Moore wrote:
> If having both a labeled networking and NetLabel maintainer entry is a
> problem then how about the patch below?

I don't think it is.

> -NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK)
> +NETWORKING [LABELED] (NetLabel/CIPSO, Labeled IPsec, SECMARK)
>  P:	Paul Moore
>  M:	paul.moore@hp.com
> +W:	http://netlabel.sf.net (NetLabel/CIPSO)
>  L:	netdev@vger.kernel.org
>  S:	Maintained

My preference would be for something like:

        NETLABEL and CIPSO
        P:	Paul Moore
        M:	paul.moore@hp.com
        W:	http://netlabel.sf.net
        L:	netdev@vger.kernel.org
        S:	Maintained
        F:	Documentation/netlabel/
        F:	include/net/netlabel.h
        F:	net/netlabel/
        
        Labeled IPsec and SECMARK
        P:	Paul Moore
        M:	paul.moore@hp.com
        L:	netdev@vger.kernel.org
        S:	Supported
        F:	include/linux/netfilter/*SECMARK*
        F:	net/netfilter/*SECMARK*
        
I would like to add appropriate file patterns for each
block.  Also, I'm not sure of the Supported/Maintained
status of each block.

The distinction is supposed to be:

        Supported:	Someone is actually paid to look after this.
        Maintained:	Someone actually looks after it.

Could you please clarify those for me?

cheers, Joe

Re: [NET]: Mark Paul Moore as maintainer of labelled networking.

[Paul Moore]

On Tuesday, August 28 2007 12:45:50 pm Joe Perches wrote:
> On Tue, 2007-08-28 at 08:46 -0400, Paul Moore wrote:
> > If having both a labeled networking and NetLabel maintainer entry is a
> > problem then how about the patch below?
>
> I don't think it is.
>
> > -NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK)
> > +NETWORKING [LABELED] (NetLabel/CIPSO, Labeled IPsec, SECMARK)
> >  P:	Paul Moore
> >  M:	paul.moore@hp.com
> > +W:	http://netlabel.sf.net (NetLabel/CIPSO)
> >  L:	netdev@vger.kernel.org
> >  S:	Maintained
>
> My preference would be for something like:
>
>         NETLABEL and CIPSO
>         P:	Paul Moore
>         M:	paul.moore@hp.com
>         W:	http://netlabel.sf.net
>         L:	netdev@vger.kernel.org
>         S:	Maintained
>         F:	Documentation/netlabel/
>         F:	include/net/netlabel.h
>         F:	net/netlabel/
>
>         Labeled IPsec and SECMARK
>         P:	Paul Moore
>         M:	paul.moore@hp.com
>         L:	netdev@vger.kernel.org
>         S:	Supported
>         F:	include/linux/netfilter/*SECMARK*
>         F:	net/netfilter/*SECMARK*
>
> I would like to add appropriate file patterns for each
> block.  Also, I'm not sure of the Supported/Maintained
> status of each block.

>From the little bit of the discussion that I saw a few weeks ago the idea of 
file patterns in the MAINTAINERS file didn't go over very well.  I still 
don't see the "F" field specified/described at the top of the file.

As long as it is not a problem to have two maintainer entries, I think James' 
patch (what it currently in-tree) is pretty good right now - it fits with the 
rest of the NETWORKING [*] entries and looks correct to me.

> The distinction is supposed to be:
>
>         Supported:	Someone is actually paid to look after this.
>         Maintained:	Someone actually looks after it.
>
> Could you please clarify those for me?

Sure.  HP is my current employer, i.e. they pay me, and both myself and HP 
have pledged to continue supporting NetLabel (see the patchset posting that 
was first accepted into the 2.6.19); I imagine this would fall under 
the "Supported" category as currently stated.  A few days ago I was asked, 
and agreed to, maintain all of the labeled networking code (in addition to 
NetLabel).  While it is extremely likely that HP will support this decision 
and allow me to work on all of the labeled networking infrastructure at work, 
it would be overstepping my role within the company to say that HP is 
pledging support for all of labeled networking.

I think the important thing here is that "someone is looking after this", 
whether or not they are actually paid to do so is not quite as important in 
my mind.  If you feel strongly about the distinction please let me know and I 
will update the status when/if it changes.

-- 
paul moore
linux security @ hp