I agree with this. In my professional past I always pushed back on kernel modules unless everyone on the project agreed that once installed this was no longer Linux but rather a proprietary appliance and the 3rd party is now responsible for the uptime and security of the server. The DevOps and operations teams are entirely off the hook for supporting that appliance. I won most battles, lost a few. There was always some vendor trying to sell a SSD card that required a kernel module instead of just presenting itself as a generic SAS devices really a really high queue depth.
I would make an exception if someone managed to get Linus Torvalds to sign off their kernel code. Nobody ever bothered and there were always awkward but predictable silent pauses from vendors.
Oh and add to this all of the servers handled the most sensitive data to ever touch the internet. Vendors would sometimes entertain the idea of their code getting 3rd party code and security reviews but it never got past the idea stage.
I would make an exception if someone managed to get Linus Torvalds to sign off their kernel code. Nobody ever bothered and there were always awkward but predictable silent pauses from vendors.
Oh and add to this all of the servers handled the most sensitive data to ever touch the internet. Vendors would sometimes entertain the idea of their code getting 3rd party code and security reviews but it never got past the idea stage.