On Tue Sep 12, 2023 at 6:39 AM EEST, Nayna wrote:

On 9/7/23 13:32, Michal Suchánek wrote:

quoted

Adding more CC's from the original patch, looks like get_maintainers is
not that great for this file.

On Thu, Sep 07, 2023 at 06:52:19PM +0200, Michal Suchanek wrote:

quoted

No other platform needs CA_MACHINE_KEYRING, either.

This is policy that should be decided by the administrator, not Kconfig
dependencies.

We certainly agree that flexibility is important. However, in this case, 
this also implies that we are expecting system admins to be security 
experts. As per our understanding, CA based infrastructure(PKI) is the 
standard to be followed and not the policy decision. And we can only 
speak for Power.

In the end this is dictating policy for no compelling reason, and
that is the bottom line here, not playing a mind game what type of
expertise a sysadmin might or might not have.

BR, Jarkko