Il 17 dicembre 2017 11:54:22 CET, Jeremie Courreges-Anglas <j...@wxcvbn.org> ha scritto: >On Sat, Dec 16 2017, Giovanni Bechis <giova...@paclan.it> wrote: >> On 12/15/17 17:51, Jeremie Courreges-Anglas wrote: >>> On Wed, Nov 22 2017, Giovanni Bechis <giova...@paclan.it> wrote: >>>> Hi, >>>> update to latest release, some bug fixes and pledge(2) support >>>> committed upstream. >>> >>> I don't use this but the update looks fine ports-wise. ok jca@ fwiw >>> >>>> Pledge(2) support is enabled only if the daemon is not run with "-o >no_drop_privileges" parameter; >>>> do we want to go the way upstream goes or should we disable the >possibility to disable pledge(2) ? >>> >>> I would not bother disabling this, but if you do make it obvious >that >>> -o no_drop_privileges won't work. If people use the option as >>> a workaround and slack off instead of reporting bugs, they're the >ones >>> not benefiting from pledge(2), which is not a smart thing to do. >>> >> what about this one ? > >I have a knee-jerk reaction whenever I see #ifdef SOME_OS, I would have >implemented this as a configure-time option which would be usable on >other systems that provide sandboxing. Words are cheap and I don't >care >enough to write a diff, so please go ahead with whatever suits you. ;)
As done in other diffs, I would like to go with a diff as simple as possible for our tree, then push a proper autoconf diff to upstream for next release. Giovanni
