From: Alice Mitchell on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1603#note_835710779 I can't post the full policy as it's an internal document, so I shall try my best to summarise it. this relates to restrictions to the crypto offload API that have been inherited from upstream, as I understand it in order to access these APIs a module needs to have been built and signed as part of the kernel build, which already happens for fedora, but to do so in RHEL adds a support burden we lack the resources for. The negotiated solution which forms the basis of this policy is that : - The kernel module would be enabled in kernel-ark for future RHEL and centos- stream builds. - There will be a new taint flag, “Partner supported GPL kernel module” to indicate that Red Hat does not support this module. and an accompanying kbase article explaining this. - Partner provides support and development effort for their kernel module via the usual centos-stream process, including CI tests - The built and signed module would be provided in binary form (not an rpm) to the partner as the RPM contains metadata like changelog that may contain sensitive data such as a mention of an embargoed CVE _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
