Hi Andreas,

Andreas Henriksson wrote:
> https://src.fedoraproject.org/rpms/gpm/blob/master/f/gpm.service
> 
> https://git.archlinux.org/svntogit/packages.git/tree/trunk/gpm.service?h=packages/gpm
> 
> These should serve as a base

Nice, thanks!

> (and it would be nice if someone upstreamed one of these, to unify
> distros around a single one and prepare for further improvements).

Can do, just can't promise when I'll do that.

> Please also note that the gpm init script used in Debian[1] is not
> the one shipped by upstream[2].

Yes, known.

> The Debian version contains a home-grown config file parsing
> feature. This should rather be implemented by the daemon itself (if
> needed, or the config file deprecated).

I tend to disagree here. The config parsing feature could be
implemented as a patch against upstream to more easily keep up with
upstream changes.

> The gpm daemon is one of those long-standing things which likely
> contains a lot of legacy code. It would be nice if the attack surface
> could be limited by applying some of the systemd security features
> to the service as a future further improvement, e.g. Protect*,
> Private*, *Privileges, *Capabilit*, etc. See:
> https://www.freedesktop.org/software/systemd/man/systemd.exec.html

I strongly disagree here and surely won't propagate that. From my
point of view KISS is the far better security concept than adding
systemd bloat.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
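
An added example, not part of the original message and not code from gpm or any distribution: a Python check that lists which `[Service]` directives in a unit file match the option globs quoted in the thread (Protect*, Private*, *Privileges, *Capabilit*). The sample unit, its directive values and the function names are constructed for illustration.

```python
import fnmatch

# Directive globs exactly as written in the quoted message.
PATTERNS = ["Protect*", "Private*", "*Privileges", "*Capabilit*"]

# Constructed sample unit (assumption), not the Fedora, Arch or Debian gpm.service.
SAMPLE_UNIT = """\
[Unit]
Description=Console mouse daemon (constructed sample)

[Service]
Type=forking
ExecStart=/usr/sbin/gpm -m /dev/input/mice \\
    -t exps2
NoNewPrivileges=yes
ProtectSystem=strict
;PrivateTmp=yes

[Install]
WantedBy=multi-user.target
"""

def service_directives(unit_text):
    """Return (key, value) pairs from the [Service] section, in file order."""
    pairs, section, pending = [], None, ""
    for raw in unit_text.splitlines():
        stripped = raw.strip()
        if stripped[:1] in ("#", ";"):      # comment line, also inside a continuation
            continue
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):             # trailing backslash continues the line
            pending = line[:-1].rstrip() + " "
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def hardening_report(unit_text):
    """Map each glob from the message to the [Service] directives it matches."""
    pairs = service_directives(unit_text)
    return {p: [f"{k}={v}" for k, v in pairs if fnmatch.fnmatchcase(k, p)]
            for p in PATTERNS}

if __name__ == "__main__":
    for pattern, hits in hardening_report(SAMPLE_UNIT).items():
        print(f"{pattern:14} {', '.join(hits) or '(none set)'}")
```

An empty list for a glob means no active directive of that family is set in the unit; commented-out lines such as `;PrivateTmp=yes` do not count.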
