Web lists-archives.com

Re: Let's enable AppArmor by default (why not?)


Ritesh Raj Sarraf:
> But I see there's an apparmor-notify package.

Sadly it's not well integrated in Debian currently.

Root cause of the problem:

Short term workaround: https://bugs.debian.org/759604

> Maybe that is the answer.

I suspect the expected benefits are not worth the effort. I'd rather
see us put efforts in automated testing (to identify & fix bugs before
they affect less tech-savvy users) and in fixing actual UX
stumbling blocks.

(apparmor-notify is merely a glorified log reader displaying low-level
technical details in a GUI. So the info it gives people who are not
tech-savvy is essentially "the problem I'm experiencing might have
something to do with AppArmor". I suspect they will have a harder time
interacting with our BTS than copy'n'pasting the corresponding
AppArmor logs, and apparmor-notify won't change that.)