On mar., 2016-01-19 at 03:02 +0000, ban...@openmailbox.org wrote: > Please take a look and decide if you can include it for better > usability.
Please provide diffs against current package version or git, and attach them to the bug. Explain why you think it makes sense to have them in the package. Note, as the blog post says, that it's *secure* default, because each and every use is different, and people have to make their own choices. It might make sense to ship multiple config files (or rather, have different packages), like “desktop” or “server” but: - no config will fit everyone anyway - there will be requests for tuning this or that on this or that config - there will be requests for adding new “profiles” So at one point one should draw a line. It's dead easy to edit the config, so one has just to make sure people can find the information. I don't really want to make a debconf script for that, but it could be a possibility too. > > I've also worked on a paxctld.conf file with some changes to make it > work with Debian binaries. It still needs testing but is a great start > for any further work. I am unsure as to whether paxctld supports .d > configs or if there is a file that Debian plans to ship - you can just > use mine. paxctl will need a dh-systemd service file which I'm yet to > include. I'm not involved in any paxctld effort so I couldn't say. But I'm unsure if it'd make sense to have the config file in linux-grsec-base rather than in a paxctld package. Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
