I would like to make a couple of improvements to security features in stable:
1. Add the option to disable unprivileged use of perf_event_open(). This rwequires a small out-of-tree patch that we've carried in unstable for some time. In unstable this is also enabled by default, but I don't propose to do that in stable. 2. Enable seccomp (system call filtering) for ARM architectures (armel, armhf, arm64). This is an architecture-dependent feature that is enabled on all other release architectures. For arm64 this requires a backport; for the others it's just a config change. This expands the size of armel images by about 1K. Are these suitable for a stable update? Ben. -- Ben Hutchings I say we take off; nuke the site from orbit. It's the only way to be sure.
signature.asc
Description: This is a digitally signed message part
