[pkg-apparmor] Planning AppArmor work at DebCamp17 [Was: Share your plans for DebCamp17]

intrigeri intrigeri at debian.org
Sat Jul 22 06:27:12 UTC 2017 

Hi!

Jonathan Carter:
> DebCamp17 is taking place in Montréal, Canada between 31 July and 4
> August 2017. It's the week that precedes DebConf and it's meant for
> contributors who plan to work on their Debian related tasks. Some do
> this working on their own, and some people participate in sprints. Both
> are perfectly fine, but we highly encourage you to plan your DebCamp
> time in advance.

Here's what I want to work on during DebCamp. Questions for you folks
(both Debian and non-Debian people who read this list) follow.

intri's plans
=============

(in decreasing order of priority)

 * Draft a plan to propose enabling AppArmor by default in Buster,
   including:

   - write pros/cons for Debian users, e.g.:
     · security: examples of security issues that AppArmor has
       mitigated
     · impact on boot time
     · breakage of functionality: analyse how much breakage AppArmor
       has caused in the past, and how quickly it's been resolved

   - analyse cost for maintainers of affected packages (starting with
     data about how often profiles had to be updated during the
     Stretch development cycles)

   - write selling points to the Debian security team, if we have any

   - clarify who we can count on to support package maintainers while
     they get used to having AppArmor on their systems, and more
     importantly to *users* having AppArmor enabled

   - if time allows, send this proposal to debian-devel@ and follow-up
     both over email and with a (possibly informal) BoF during DebConf

 * Triage our bug reports.

 * Propose maintainers to include profiles currently shipped in
   aa-p-extra in their own package (not all of them are ready for
   prime-time, but some are).

Questions
=========

 * Comments, suggestions about the above plan?

 * Do you want to participate in any of this, either face-to-face
   or remotely?

 * @non-Debian people (e.g. Ubuntu and OpenSuSE): would you be ready
   to chime to support the "enable AppArmor by default in Debian"
   proposal, e.g. with data, or less formal testimonies, coming from
   your experience working on a distro that has AppArmor enabled
   by default?

Thanks in advance!

Cheers,
-- 
intrigeri

More information about the pkg-apparmor-team mailing list