hmm, does generating on shutdown really make sense ? what if i skip a few upgrades (which is a pretty common case, i.e. my moms phone only gets updated when i visit her. and i know enough (non geeky) people that simply ignore upgrade notifications altogether on their phones), meanwhile apparmor changed profile handling in an incompatible way ... the new binary wont be available until after reboot to generate the profiles the right way, so i end up with broken profiles after reboot ... while it is surely easy on deb based systems simply because you have the new app binary around, doing it before reboot on system-image or snappy installs means your existing binary needs to be forward compatible to all possible changes that may come with the new binary only after reboot (this could be a one version, a ten version or even a 100 version jump depending how long you didnt upgrade).
having it done after reboot and simply implementing some feedback UI seems to make a lot more sense as it has a lot less risks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1350598 Title: AppArmor policy compile improvements To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1350598/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
