@pid_eins UKIs are fine, but systemd-stub churn every release makes it more of a liability than a stable foundation to build on.

Stuff like sysexts etc could poke holes in established security models similar (but restricted in scope) to how systemd poked giant holes into full disk encryption when it added DDI automount.

It's a massive effort to keep up with changes and validate them and it's pretty concerning. So you might end up not doing that, and end up with vulnerabilities in your product.