On 2/23/20 4:59 AM, Hal Murray via devel wrote: > Should we drop secomp? It's a pain to maintain.
I wouldn't cry. > How many people use it? Richard: do you turn it on for the Debian builds? I do not. It seems really fragile to me. A change in an underlying library can break a working binary, possibly only in some scenarios. That's scary. It'd be safer (but still not completely safe) to enable if I had good (or any) "as installed" tests using Debian's autopkgtest, but I do not. I'm open to enabling it, but it's also unclear how much benefit it provides. What is it protecting the user from? How much value does it add if I'm already using AppArmor? -- Richard
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
