Hal Murray via devel <devel@ntpsec.org>:
> Should we drop secomp? It's a pain to maintain.
We're a security-focused prodict. I don't think it would be good optics
to drop a layer of defense just because it's a pain to maintain.
> How many people use it? Richard: do you turn it on for the Debian builds?
I have no idea hpw many people use it.
> How does seccomp compare to a jail? Why don't we have a good web page on how
> to setup and use a jail? Does systemd have a jail option? Does anybody run
> in a jail? ...
We don't have a good page on jails because I'm not experienced at setting them
up
and mostly other people don't imotiate documenting things.
> Testing the version of the seccomp header file is probably cleaner than
> testing for Arch.
Agreed.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
