Hello, your mail looks great, and I have only a few small comments:
Am Donnerstag, 3. August 2017, 23:20:20 CEST schrieb intrigeri: > AppArmor confines programs according to a set of rules that specify > what operations a given program can access, e.g. it can prevent your > PDF reader and video player from accessing your GnuPG secrets keys and ... secret__ keys ... ... > A proposal > ========== ... > Note that the best way to address them quickly enough is sometimes > to simply disable the problematic AppArmor profile: it's cheap, > doesn't require advanced AppArmor skills, and IMO a smaller > AppArmor policy enabled by default is more useful than a broader > but less robust one that only a couple thousand users benefit from. I understand why you wrote this, but I'd still prefer to recommend aa-complain + collecting logs here ;-) ... > What's the history of AppArmor in Debian? > ----------------------------------------- > > AppArmor has been available (opt-in) in Debian since 2011. In 2014 > a Debian AppArmor packaging team was created, that has been taking > care of the AppArmor packages and policy since then. > > In the last 3 years the AppArmor policy shipped in Debian was extended > substantially and its coverage is now on par with Ubuntu's. It's > still rather small due to the strategy we chose: we wanted to avoid > traumatizing early adopters and to avoid creating a culture of > "AppArmor always breaks stuff, let's get used to disabling it". So > like Ubuntu, we're shipping a rather small and mature AppArmor I apply the same strategy to openSUSE, so feel free to change this to ... like Ubuntu _and openSUSE_, we're shipping ... ;-) Enjoy DebCamp and DebConf, and good luck in getting AppArmor enabled by default! Regards, Christian Boltz -- you are expected to know what you're doing (e.g. you're a test script). [Steve Beattie in apparmor]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor