Hi, as some of you know, I've been working on including more AppArmor profiles into Debian.

Importing stuff is not that hard as a one-shot job, but I am concerned about long-term maintenance, and am not convinced by the current workflow and infrastructure we have to maintain profiles once they are deemed ready for production and leave lp:apparmor-profiles.

http://wiki.apparmor.net/index.php/Profiles#Development reads:

    Once a distribution representative has decided that a profile is
    ready for production use, it will be added to the distribution's
    main packaging. The profile in the repository will then be replaced
    with a text file describing where the profile has been moved to,
    and the procedure to file bugs against it.

This seems to imply that once, say, the Totem profile is ready for production, we won't have any cross-distribution place to share the maintenance work and VCS history.

Practically speaking, in the current state of things, this means I would have to create tools to track changes in the profiles shipped in Ubuntu packages that I've picked for the Debian apparmor-profiles-extra packages; also, improvements Debian might want to contribute will have to go through patches proposed against the individual Ubuntu packages.

All this is perfectly doable, but I wouldn't say it encourages shared maintenance of profiles.

So, I have a few questions for more experienced people around there:

1. I've little experience maintaining profiles in a cross-distro way, but I suspect that tunables should be enough to cope with most distribution-specific deltas. What do you think?

2. Was this discussed previously? Was the idea of a cross-distro VCS repository for shared maintenance of profiles investigated yet?

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
