From noreply at release.debian.org Wed Mar 26 04:39:18 2025 From: noreply at release.debian.org (Debian testing watch) Date: Wed, 26 Mar 2025 04:39:18 +0000 Subject: [Pkg-swan-devel] strongswan 6.0.1-1 MIGRATED to testing Message-ID: FYI: The status of the strongswan source package in Debian's testing distribution has changed. Previous version: 5.9.13-2 Current version: 6.0.1-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From corsac at debian.org Wed Mar 26 19:25:49 2025 From: corsac at debian.org (Yves-Alexis Perez) Date: Wed, 26 Mar 2025 20:25:49 +0100 Subject: [Pkg-swan-devel] About the charon-systemd apparmor profile In-Reply-To: References: Message-ID: <6d8ac44eb57c026e96ecbbbb5d700557c15a898c.camel@debian.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, 2025-03-25 at 10:47 +0100, Noam Nedelec-Salmon wrote: > As an part of an effort from the Ubuntu security team to expand AppArmor > coverage I have recently been looking for network services that lack active > confinement. Hi Noam, thanks for reaching out. Best would be to use the pkg-swan-devel at lists.alioth.debian.org mailing list (which I added to CC:) > > I noticed that the profile for charon-systemd in strongswan has been in > complain mode for quite some time and would like to inquire about the > reasons why that is the case. I more specifically would like to know: Could > it be switched to enforce mode as is? Does it need additional work and/or > testing beforehand? Honestly I'm not sure. I guess it would make sense to switch to enforcing mode but we are just pass the transition freeze for the trixie release cycle so I'm not sure it's the best time to actually do it, maybe it would make sense to wait for the next release (even if that means waiting for a complete release cycle). Do you know if the 'enforcing' mode has been tested elsewhere? Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmfkVL0ACgkQ3rYcyPpX RFv8BAf/YpfQBIA2IDqhTZ1yeZueAIzISNzfBXnYtn0cDcPEIWBpqbFR/VohK/ht gVjc4AKnyxR3WJdZkTN0FpekcEegv6wytYHVS928h/Q0ECPajp4pPSXd1MwT54R8 U9hKMH+NX81o7wgzwgLN+Va7EvfwMgPZwV67crm3Kp5Zer9sOKnu82cWAfQ6OtI6 zkoy4RKvQraPaGBjyzDWZTrDBgVT6d31daw8YYTqzRgi49kkiSjn8g5NM2eSfRGC orukNgYKDhaGTK0+hGR4I4Siomk8h1yyDpRSZHd4VulhxcM9WPeKh4Kr00YpYjoP psnskyLH73wqMdBYwF0l2y6TV51ntQ== =tRVg -----END PGP SIGNATURE-----