Hi, Chiming in here because I can send email.
On Tue, Aug 15, 2017 at 05:10:37PM -0700, Chris Lamb wrote: > Hey David, > > > memcached: Please add hardening to systemd .service file. > > Note that this is merely merging upstream's .service file (which is in the > orig tarball) into the Debian one. fwiw, I consider this the wrong approach. Next time upstream adds more useful stuff, our shipped unit files will yet again be outdated and missing out on things. A better approach would be to install the upstream service file. In case there's a need for debian-specific adaptions of it, then just use the standard mechanisms and ship a debian/patches/foo.patch file with the changes you need. (See source format "3.0 (quilt)".) Upstream systemd is designed in a way that unit files can and should be maintained upstream instead of in (downstream) distributions. This is to allow the best possible unit files to be collaboratively created and reviewed by those who knows the inner details of the code best (while also avoiding pointless differences between distributions). You're basically inventing your own (inferior) patch system by doing it the other way around. See also #850157 for people who want to explicitly forbid that. Regards, Andreas Henriksson