On Jan 02, Noah Meyerhans <no...@debian.org> wrote: > I'm entirely happy to reassign this request to systemd and have the > setting applied more broadly. The question that arises then is what to > do about the file-level capabilities on the ping binary. Ideally we > drop them entirely (including the setuid fallback), but when? Some options: - conflict with systemd < version_with_the_new_default - wait for a full release and then just drop it - when sysctl in postinst reports the new default - a mix of the last two options
I suggest that you improve the ping error message to also mention the sysctl (or maybe an appropriate writeup in README.Debian?). -- ciao, Marco
signature.asc
Description: PGP signature
