[pkg-apparmor] Bug#981442: apparmor: Please do not install by default or depend on python3
Samuel Thibault
sthibault at debian.org
Mon Feb 1 09:23:15 GMT 2021
Hello,
intrigeri, le lun. 01 févr. 2021 09:16:23 +0100, a ecrit:
> Samuel Thibault (2021-01-31):
> > As of Debian bullseye alpha3, apparmor is getting installed by default
> > even in the base system,
>
> To be clear, in this context "base system" is d-i terminology, right?
Yes. That's when one selects no task, so the absolute minimum that gets
installed.
> > bringing with it python3 and thus 30MB of
> > various stuff that didn't used to get installed in the past, which I do
> > not think we want.
>
> Could you please confirm whether "in the past" means "in Stretch and
> older" here, or something else?
I'm surprised here. It does seem that Stretch, even as 10.0, does
install apparmor and thus python, indeed. But I check for the install
size before each Debian release, and did not notice that. Perhaps the
apparmor recommendation appeared late in the Stretch process. I'm
not sure whether debian-boot was aware that python ended up getting
installed.
> > or avoid making it hardly depend on python3?
>
> The only reason why apparmor "Depends: python3" in current testing/sid
> is that /usr/sbin/aa-status is written in Python.
>
> Upstream commit 8f9046b1b179190d0003ae1beacf460ee93c5090, included in
> upstream 3.0.0 release, and thus in Debian experimental already,
> ported that program to C, which should allow dropping the dependency
> on python3. I did not check how hard it would be to backport
> this commit.
That would be great to backport!
Samuel
More information about the pkg-apparmor-team
mailing list