[pkg-apparmor] Bug#981442: apparmor: Please do not install by default or depend on python3

intrigeri intrigeri at debian.org
Mon Feb 1 08:16:23 GMT 2021


Hi Samuel,

Thanks for bringing this to our attention. For now I'll focus on
trying to understand the scope and severity of this problem.

Samuel Thibault (2021-01-31):
> As of Debian bullseye alpha3, apparmor is getting installed by default
> even in the base system,

To be clear, in this context "base system" is d-i terminology, right?

> bringing with it python3 and thus 30MB of
> various stuff that didn't used to get installed in the past, which I do
> not think we want.

Could you please confirm whether "in the past" means "in Stretch and
older" here, or something else?

I'm asking because AFAICT, the chain of dependencies has not changed
between Buster and Bullseye:

 - the Linux kernel images Recommends: apparmor
 - apparmor depends python3:any

> Could you have a look at not installing apparmor by default,

For context, the current (Buster, Bullseye) status of enabling
AppArmor by default is the outcome of years of work and of a long
discussion on -devel@ ("Let's enable AppArmor by default (why not?)"
starts at 857eyij4fb.fsf at boum.org, August 2017). This of course does
not imply it's set in stone nor that we can't improve things :)

> or avoid making it hardly depend on python3?

I did not check how hard that would be yet. If this is a post-Buster
regression, I'll do my best to look into it shortly!

Cheers!



More information about the pkg-apparmor-team mailing list