[pkg-aa-profiles-team] Advance inquiry: apparmor-profiles-extra package
intrigeri
intrigeri at debian.org
Wed Mar 26 11:01:23 UTC 2014
Hi ftpmasters,
in the last few years, I have been working on improving AppArmor
support in Debian. Wheezy supports it, but ships very little
confinement profiles. My current focus is to add more such profiles
for Jessie, and to make it easy for users to opt-in for it.
My strategy is:
* to get the profiles included in the corresponding package when the
maintainer feels like it (which is often equivalent to: either the
profile is shipped in the upstream tarball, or the Debian
maintainers work closely with the Ubuntu ones); this has worked
for a few packages already:
https://wiki.debian.org/AppArmor/Progress#Included_in_the_corresponding_package
* and else, to bundle profiles in a new package, called
apparmor-profiles-extra.
This approach was suggested to me by Stefano Zacchiroli, and my
rationale was explained in more details there:
https://lists.debian.org/debian-security/2014/01/msg00008.html
I'm getting close to the point when I'll want to do a first upload of
the apparmor-profiles-extra package. This initial version will "only"
ship 3 profiles, but I plan to make it grow during the Jessie release
cycle and later. Hopefully, at some point this effort towards better
AppArmor support will get more traction, AppArmor expertise will be
better spread in our community, maintainers will more actively include
profiles into their own packages, and this profiles bundle package
will be obsolete. We're not there yet, though.
I'm aware the ftpmaster team is historically somewhat reluctant to
packages that ship a small number of files, especially when these
files qualify as configuration, hence this advance request: would you
object to seeing such an apparmor-profiles-extra package in the
Debian archive?
If it may be useful, the draft source package lives in the
collab-maint/apparmor-profiles-extra.git repository on Alioth.
Thanks for your attention and for all the great work you're doing!
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
More information about the Pkg-aa-profiles-team
mailing list