On Mon, Jun 8, 2020 at 6:13 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > On Mon, Jun 8, 2020 at 5:35 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > What were you envisioning when we marked this as deprecated Stephen? > > If not this, what were you thinking we would do? > > I feel like we've already communicated the fact that it is being > deprecated to those who need to know (Fedora maintainers), and we > already have it displaying an error message for those who look at > kernel logs. So I was fine with just waiting some number of kernel > release cycles (not sure what is typical for these kinds of things) > and then just changing selinux_write_disable() to just return 0 > without doing anything and dropping the selinux_disable() code and the > config option. Regardless of what we do with this, I thought the deprecation commit was pretty clear about adding a delay as part of the deprecation process. The most appropriate time to raise objections like this would have been when the original patch was posted. In other words, I expect people to review the commit descriptions along with the patches. When anyone adds an "Acked-by" or a "Reviewed-by" tag, I take that to mean they have read not just the patch, but the commit description as well and the person approves of both. -- paul moore www.paul-moore.com
