arrowscr...@mail.com wrote: > I know about the pledge(2) development, but systrace and pledge are > not mutually exclusive. Pledge need to be used inline, where systrace > can be used as a command line tool. > > If you remove it, many scripts that use systrace for privilege > reduction will broke.
I guess the question is: how many people actually use systrace in scripts? Probably very very few. > Of course, you can put it on packages, but if you follow this logic, > shouldn't other tools be also removed and be on packages? banner(1) > for example, is kind useless. The cpan(1) pkg manager from perl also > could be in packages. Same with sqlite3, I think. Or telnet, since > almost no one uses it anymore. Etc. I'm pretty sure that you can't package systrace because it needs to be supported by the kernel. I expect that that's part of the reason why it was removed: axing it simplifies and quickens the kernel.
