On 12.08.2015 15:16, intrigeri wrote: > Actually, usr.sbin.ntpd has been in the upstream VCS for years. > > In practice, mostly OpenSUSE folks are maintaining it there, while > Ubuntu is maintaining its own, that's shipped in the ntp package there > (and in apparmor-profiles-extra in Debian). > > The current diffstat between these two versions is: > > usr.sbin.ntpd | 81 > +++++++++++++++++++++++++--------------------------------- > 1 file changed, 35 insertions(+), 46 deletions(-) > > So, next step is actually *not* to switch to upstream's profile (via > apparmor-profiles), but rather to merge these two diverging profiles > upstream. Then only, we can switch to upstream's one and deal with the > conffile migrating between packages. > > Meta: I'm personally not very interested in ntpd (I'm more into > systemd-timesyncd these days), so it's very unlikely that I work on > this again.
We need to make a general decision on how we want to ship profiles. Personally I think it's a bad idea to maintain profiles inside apparmor and ship them as a package: - We should only ship profiles that have actually been tested on Debian. - They shouldn't be coupled to the apparmor release cycle. In the current state I wouldn't recommend installing apparmor-profiles. It feels more like a profile dumping ground of partially maintained profiles that are disabled / in complain mode. I'd rather ship a smaller set of profiles that we know work well. Maybe we can discuss this next week at Debconf? Cheers, Felix
