Hello, intrigeri, le lun. 01 févr. 2021 09:16:23 +0100, a ecrit: > Samuel Thibault (2021-01-31): > > As of Debian bullseye alpha3, apparmor is getting installed by default > > even in the base system, > > To be clear, in this context "base system" is d-i terminology, right?
Yes. That's when one selects no task, so the absolute minimum that gets installed. > > bringing with it python3 and thus 30MB of > > various stuff that didn't used to get installed in the past, which I do > > not think we want. > > Could you please confirm whether "in the past" means "in Stretch and > older" here, or something else? I'm surprised here. It does seem that Stretch, even as 10.0, does install apparmor and thus python, indeed. But I check for the install size before each Debian release, and did not notice that. Perhaps the apparmor recommendation appeared late in the Stretch process. I'm not sure whether debian-boot was aware that python ended up getting installed. > > or avoid making it hardly depend on python3? > > The only reason why apparmor "Depends: python3" in current testing/sid > is that /usr/sbin/aa-status is written in Python. > > Upstream commit 8f9046b1b179190d0003ae1beacf460ee93c5090, included in > upstream 3.0.0 release, and thus in Debian experimental already, > ported that program to C, which should allow dropping the dependency > on python3. I did not check how hard it would be to backport > this commit. That would be great to backport! Samuel
