Linux 4.14-rc7 No Longer Clashes With AppArmor To Break Networking

  • #21
    Thanks Linus, you wrote exactly what people are thinking when they have their test systems broken for several RCs.


    • #22
      Originally posted by L_A_G
      I see Linus is being his usual self and sending angry emails laden with profanity whenever devs make a mess in mainline and refuse to fix the mess they made or push that mess to mainline so late into a kernel cycle it can't be properly fixed before the end of the cycle.

      If I was in his position I'd probably express myself with less profanity and focus more on simply questioning the competency of the maintainer who dumped this problem on me.

      Still, using profanity is a rather effective way to express your frustration with something/someone and here in Finland we do have the saying "Tapoja on moni - Sano mummo kun kissalla pöytää pyyhki". The saying translates to English roughly as "There's always many ways to do something - Said grandma as she used the cat to scrub the table".

      Yes, that saying really does talk about an old lady using a cat as a table rag.
      There is no mess. No distro is expected to work out-of-the-box with every new kernel. The distros in question actually create their own set of kernel patches and take their time in adopting new kernels. There is always plenty of patching going on before these distros start using a newer kernel. To then complain about a new kernel not working with existing distributions, because a commit fixes something while older software still only tries to work around it, is just pure hypocrisy.

      I bet Linus is unhappy with the security code for a while now, but couldn't find the right words to express his predicament. So he lashed out at the first chance he got and this is it. I bet he doesn't even understand why he acts the way he does, but acts out of impulse.

      You don't need to make excuses for Linus. He is known to have this behaviour for a long time.


      • #23
        Originally posted by sdack
        ...
        There's a pretty clear difference between making a well motivated change in the kernel that breaks some userspace stuff and just causing a regression, refusing to debug or fix it and instead telling userspace developers to figure out what's going wrong and trying to come out with a fix for it on their end. Seriously, userspace should not have to compensate for bugs in the kernel, especially not when it's just because the people who introduced the regression saying they can't be bothered to figure it out themselves.

        While Linus' choice of language may have been less than optimal, he wasn't wrong in reverting the regression-introducing patch and telling the guilty maintainer that he can't just break userspace for no reason. If you're going to break stuff, you should at least have a reason to do that and this was clearly lacking here. This sort of attitude where security devs just break userspace for no reason and expect userspace devs to compensate for their mistakes is unfortunately pretty common for Linux security people. I wonder if it's about time for Linus to start flat-out firing the lead security maintainers and replacing them with people who break userspace only when there's a good reason and not just "One of us made a mistake and we can't be bothered to fix it or figure out what it was".

        I don't think you quite understood what actually happened here... This wasn't a new security feature breaking userspace, it was a plain old regression, which the developers who introduced it couldn't be bothered to either debug or fix, but instead decided to tell the userspace developers to figure it out and compensate for it in their code.


        • #24
          Originally posted by L_A_G
          There's a pretty clear difference between making a well motivated change in the kernel that breaks some userspace stuff ...
          It's what the AppArmor guy did. The distros were already adding patches to their existing software (or rather their AppArmor rule sets) to work with the upcoming 4.14. This wasn't a bug, just business as usual, until Linus decided to take a dump on somebody ...

          Also, do yourself a favour and look at the headline of the article:

          Linux 4.14-rc7 No Longer Clashes With AppArmor ...

          Notice anything? It names the exact kernel version, but doesn't say a word about what version of AppArmor it is it clashes with. That's messed up. It's almost as if AppArmor is of more significance than the kernel development itself.
          Last edited by sdack; 30 October 2017, 12:09 PM.


          • #25
            Originally posted by sdack
            No, you don't have a clue. You're just licking the spit of one ill-mannered dev as if it would grant you his powers. You're an idiot as always.
            I love the smell of butthurt in the morning.


            • #26
              Originally posted by sdack
              Also, do yourself a favour and look at the headline of the article:

              Linux 4.14-rc7 No Longer Clashes With AppArmor ...

              Notice anything? It names the exact kernel version, but doesn't say a word about what version of AppArmor it is it clashes with. That's messed up. It's almost as if AppArmor is of more significance than the kernel development itself.
              Or as if Michael didn't write it.


              • #27
                Originally posted by sdack
                No, you don't have a clue. You're just licking the spit of one ill-mannered dev as if it would grant you his powers. You're an idiot as always.
                No, I'm explaining why your post is bullshit. Linux API towards userspace is stable, Linux interface with drivers is not, so NVIDIA drivers breaking on every kernel release is not relevant here.


                • #28
                  Originally posted by sdack
                  There is no mess. No distro is expected to work out-of-the-box with every new kernel.
                  Tangential.
                  Linux kernel API (towards userspace) is supposed to be stable and retrocompatible, this change broke this promise.
                  The fact that one side can work around the other is not relevant.

                  I bet sdack is unhappy with Torvalds for a while now, but couldn't find the right words to express his predicament. So he lashed out at the first chance he got and this is it. I bet he doesn't even understand why he acts the way he does, but acts out of impulse.
                  fixed.

                  Really, I understand that Torvalds is acting like an ass as usual and that isn't professional, but the technical side of things is still airtight.


                  • #29
                    Originally posted by starshipeleven
                    Or as if Michael didn't write it.
                    No. He didn't write it.

                    What if it had said Linux 4.14-rc7 no longer clashes with AppArmor 2.11... ?

                    Originally posted by starshipeleven
                    No, I'm explaining why your post is bullshit. ...
                    No. Bullshit is when you try to explain why you think the way you do.


                    • #30
                      Originally posted by starshipeleven
                      Linux kernel API (towards userspace) is supposed to be stable and retrocompatible, this change broke this promise. The fact that one side can work around the other is not relevant.
                      The commit doesn't change the API, but adds something new to it. The mistake was that some AppArmor configurations were outdated.

                      Only once Linus threw his tantrum and came up with his bullshit explaining why this was suddenly a regression and not just a new security feature, which people needed to embrace, do the spit lickers begin to suck up the BS and, feeling empowered by it, now use it to justify about anything.

                      It still is just a new feature and Debian, not being the most modern distro, used an outdated ruleset and thereby cut off its network connection.

                      I guess some folks got scared by 4.14 when they suddenly lost their network connection and could no longer ask Google for a solution.
                      Last edited by sdack; 30 October 2017, 01:32 PM.
