[pkg-apparmor] Shipping empty local/ files

[intrigeri]

Hi,

Christian Boltz (2025-05-19):
> The nice thing about "include if exists" is that the local/ file doesn't 
> need to exist, and doesn't need to be shipped in the package.
>
> Actually I changed the openSUSE packaging to no longer ship empty 
> local/* files because
> - they have limited use (users can always create them as needed)
> - they add lots of noise to /etc/apparmor.d/local/ (have fun finding 
>   the one modified file between all the empty/comment-only files)

Right. OTOH this ensures the files are created with the correct name:
without these files I can imagine UX problems with users creating
override files with a typo in the name, and getting very confused as
to why their rules are not taken into account.

> Now I wonder - would it make sense for Debian to also stop shipping the 
> empty/comment-only local/* files, and let users create them as needed?

I have no strong opinion. I can see pros & cons to both approaches.
If someone feels strongly about it, wants to do the work, and is
prepared to handle the fallout: please volunteer, develop & propose
a migration plan, and we'll talk about it :)

Related: https://bugs.debian.org/993568

Cheers,
-- 
intrigeri