intrigeri <intrig...@debian.org> 于2019年1月5日周六 下午8:45写道: > > Hi, > > Vincas Dargis: > > intrigeri what's your take on this? Where should new profiles be > > "placed"? > > Having the policy live along with the software it confines, i.e. > in the upstream VCS, is ideal, as long as upstream somewhat cares > about it and the maintainer of said policy tracks upstream changes > and updates policy before releases. > > If that's not possible, shipping the policy with the Debian package > that ships the software is great. > > Maintaining policy elsewhere (e.g. apparmor-profiles-extra) creates > all kinds of busywork, policy is bound to be outdated from time to > time, and it's not sustainable on the long run. I see it as > a temporary stop-gap and not a good long term solution. > > In any case, it's good to have experienced eyes review the policy :) > > > P.S. I know you don't want new profiles for Buster, and I am not > > really targeting Buster (especially due to GUI-application-confining > > issues), let's see this as (yet another) long-term personal > > project :) > > :) > > Cheers, > -- > intrigeri
OK. Once you're done, just reply to this bug with profile attached. I'll take care of it in the next release.
