Benjamin Lee McQueen <[email protected]> writes: > > is the usual approach to pledge everything that CAN be pledged, > or focus on programs with clear attack surface? > > if the former is true, i can provide a diff for arch to be pledged > and send to tech@
at initial phase of development of pledge(2), using it in lot of very programs was part of the development: it permited to see how the API was usuable with large variety of real programs, and refine it if need. currently, trying to pledge as much as possible programs isn't that important, specially for very simple tools. it doesn't hurt per se, but I would not invest lot of time in this work. Regards. -- Sebastien Marie
