On Mon, Nov 17, 2025 at 05:44:28PM +0000, Christopher Klooz wrote: > > On 17/11/2025 17.10, Daniel P. Berrangé wrote: > > Also currently the Change title is describing the mechanism of > > of the change, when it should describe the behavioural change > > in a way that both Fedora maintainers and Fedora end users will > > easily understand. > As mentioned in my second email (about 3 hours after the first one > [16/11/2025, 15.54 in UTC+1]) that considers the feedback of Discourse, > the URL will be adjusted to the updated title before submitting -> > "Change kernel.yama.ptrace_scope to match kernel defaults (mitigates > some attack vectors)" -> so at least this issue is solved before > submission 🙂 (change summed up in > https://discussion.fedoraproject.org/t/new-proposal-about-kernel-yama-ptrace-scope-two-perspectives-on-this-case-im-open-to-suggestions/172815/8 > ) > > > > IOW, as well as radically reducing the walls of text, it would > > be much better for the title (and thus URL) to be approximately > > > > "Disable ptrace for unprivileged users by default" > I would stick with the suggestion of Fabio (see the discourse > link above), as this one is not 100% true, even if this is > likely to be the practical outcome in most cases. Keep in mind > that child processes will not be affected, even in unprivileged > contexts.
IMHO describing the functional impact of the change is better than his. With the "Change kernel.yama.ptrace_scope to the kernel default" it is still requiring people to learn what 'kernel.yama.ptrace_scope' actually does, and then further read up on what the default behaviour is. This is needlessly indirect. With the suggestion I made above, it is clear from the title what the change will broadly do without needing to read anything more. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
