Linux 4.14-rc7 No Longer Clashes With AppArmor To Break Networking

  • #41
    Originally posted by sdack View Post
    What then makes sense and doesn't has nothing to do with rules. Sense comes from context and if a change makes sense, or if it doesn't, depends on the context. If then the only context you can find is that it broke a rule then fuck the rule and move on, or you just end up digging yourself into a pile of BS without any substance and for you to be believable.
    Wtf is this? The Teenage Programmer Manifesto?

    If your work is a pile of hacks with no stable external interface none will use it, as people don't like using their valuable time adjusting their application to yet another of your "changes that makes sense".

    And what is worse, it will become progressively harder to maintain even for yourself.



    • #42
      Originally posted by starshipeleven View Post
      Wtf is this? ...
      It's you failing to get it.



      • #43
        Originally posted by starshipeleven View Post
        Wtf is this? The Teenage Programmer Manifesto?

        If your work is a pile of hacks with no stable external interface none will use it, as people don't like using their valuable time adjusting their application to yet another of your "changes that makes sense".

        And what is worse, it will become progressively harder to maintain even for yourself.
        AppArmor is a reduced and cleaned-up SELinux, which is a hacked-together partial knockoff of grsecurity, which is in itself a compromise aiming at "hardening" the kernel's key structs and many other similar features. Oh, and it's all running on top of x86 hardware and C, so you're effectively starting this discussion off with "a pile of hacks" at every abstraction layer above the microcode.

        Back to topic, security devs tend to develop a security-state-like bias towards user-land breakage, where at first they'll only break APIs if a credible discovery and proof-of-concept were issued, but then, over time, become your typical American cop that prefers to shoot first and ask questions later.

        So, 3 weeks into it with no end in sight, Linus decided to pull the curtains on this over / poorly produced security theater matinee. The timing isn't perfect since user-land was just about to catch up... But I guess for Linus enough is enough.



        • #44
          Originally posted by sdack View Post
          It's what the AppArmor guy did. The distros were already adding patches to their existing software (or rather their AppArmor rule sets) to work with the upcoming 4.14. This wasn't a bug, just business as usual, until Linus decided to take a dump on somebody ...
          It may have to some extent been business as usual, but definitely not in a good way. Yes, Linus took a figurative dump, but he took it on someone who actually deserved it. The fact that you work with security doesn't mean that you get a free pass with your mistakes and it's somehow everyone else's job to compensate for your mistakes. If you make a mistake, you fix it or at least try to help the people trying to fix it.

          Seeing how you just don't seem to get it: It wasn't the added feature itself that broke AppArmor, it was a bug that was introduced with the push that broke AppArmor.

          We're not talking about an academic research OS like Barrelfish here, we're talking about an OS used in actual production environments, so leaving mistakes in code simply because the people who made that mistake can't be bothered to fix it is simply not acceptable. If this is too hard for you to understand, you probably should do everyone a favor and stay out of working on mainline Linux.

          Also, do yourself a favour and look at the headline of the article:

          Linux 4.14-rc7 No Longer Clashes With AppArmor ...

          Notice anything? It names the exact kernel version, but doesn't say a word about what version of AppArmor it clashes with. That's messed up. It's almost as if AppArmor is of more significance than the kernel development itself.
          Doesn't really matter what version/versions of AppArmor that it clashes with when it's not actually AppArmor's fault. If you make a mistake and break other people's applications, it's your fault, not theirs. It's as simple as that.



          • #45
            Originally posted by L_A_G View Post
            Yes, Linus took a figurative dump, but he took it on someone who actually deserved it.
            Nobody deserves it. Backing it up is the same as trying to find idiotic reasons and explanations for Donald Trump's behavior towards army veterans, or to give a worse example, why this guy did what he did.

            And then there are people who walk across a red light when they are completely alone with no traffic around, because they want to be somewhere. Others smoke weed in countries and states where it isn't allowed. One can bend and break rules without anyone throwing a tantrum.

            We then need to compile a new version of perf with almost every new kernel. It isn't even a tool only for admins and maintainers, but it's of use to anyone. And yet it is not a regression when we cannot use an old version of perf with a newer kernel.

            The whole talk about how this was a regression remains bogus, because we know these rules get ignored, bent and broken, or only watered down by distro maintainers for many reasons - perfectly good and understandable reasons. Just in this situation did common sense fail and an idiot got to throw a tantrum.

            Now you want to talk about whose fault it is when an idiot throws a tantrum. That's like being a woman in Hollywood and working for Weinstein.



            • #46
              Originally posted by L_A_G View Post
              Seeing how you just don't seem to get it: It wasn't the added feature itself that broke AppArmor, it was a bug that was introduced with the push that broke AppArmor.
              I was under the opposite impression. Didn't they introduce a new security feature that, given that access is denied by default, would deny access to the internet unless given permission to the application?



              • #47
                Originally posted by c117152 View Post
                AppArmor is a reduced and cleaned-up SELinux, which is a hacked-together partial knockoff of grsecurity, which is in itself a compromise aiming at "hardening" the kernel's key structs and many other similar features. Oh, and it's all running on top of x86 hardware and C, so you're effectively starting this discussion off with "a pile of hacks" at every abstraction layer above the microcode.
                Uhm.... I was not talking of that. I was talking of structuring your own project so that it is maintainable.

                And I find your statements on AppArmor and SELinux questionable; neither is a hacked-together knockoff of grsecurity, as they mostly focus on other stuff entirely.



                • #48
                  Originally posted by sdack View Post
                  There is no mess. No distro is expected to work out-of-the-box with every new kernel. The distros in question actually create their own set of kernel patches and take their time in adopting new kernels. There is always plenty of patching going on before these distros start using a newer kernel. To then complain about a new kernel not working with existing distributions, because a commit fixes something while older software still only tries to work around it, is just pure hypocrisy.
                  I disagree. The kernel is usually remarkably stable; I'm usually able to use newer kernels if it weren't for using out-of-tree software (ZFS), and even that usually works pretty quickly. I think the distros applying lots of patches to the kernel is a mistake. Too much effort goes into maintaining out-of-tree things already.



                  • #49
                    Originally posted by sdack View Post
                    Nobody deserves it.
                    There are rules set down by Torvalds and others, and he has agreed to follow them; if he breaks them, then he deserves to be punished.

                    We then need to compile a new version of perf with almost every new kernel. It isn't even a tool only for admins and maintainers, but it's of use to anyone. And yet it is not a regression when we cannot use an old version of perf with a newer kernel.
                    Heh, perf is a tool living in the kernel repo, and is shipped together with it. https://git.kernel.org/pub/scm/linux...ree/tools/perf
                    Same story for other kernel development/debugging tools. They use/rely on unstable APIs like driver stuff or whatever else depending on kernel internals they are profiling/debugging.

                    The whole talk about how this was a regression remains bogus, because we know these rules get ignored, bent and broken,
                    So far all provided examples were invalid.



                    • #50
                      Originally posted by sdack View Post
                      And then there are people who walk across a red-light when they are completely alone with no traffic around, because they want to be somewhere. Others smoke weed in countries and states where it isn't allowed. One can bend and break rules without anyone throwing a tantrum.
                      As long as he isn't caught by the authority, or peers.
                      It's a bit hard to do in kernel development.
