Now that we have hardening enabled for the base system (through a whitelist), shouldn't we consider to turn it on by default and perhaps manually disable it for known-to-be-broken packages? In other words, should we switch from a whitelist to a blacklist?
Cheers, -- Fabio Erculiani
