Moin Tobias, Thanks for acting on the bug.
On Thu, May 01, 2025 at 05:42:41PM +0200, Tobias Fiebig wrote:
> Moin,
>
> Could you please elaborate on the decision to close this without
> reconsidering?
>
> Essentially, the option to use a security feature is taken away from
> users (i.e., no option to enable it without rebuilding the kernel);
>
> Not taking the option away from users would mean that those who would
> want to disable it would have to use an available sysctl.
>
> To me, the latter sounds very much like an ideal scenario from a
> usability/security trade-off?

Let me try to be more verbose. There are the mentioned issues in the bug which explain why in Debian the decision was to disable Yama by default (instead of having enabled it by default), which are related to debugging. It does not mean that users cannot take advantage of the Yama protection, but the sysctl is now needed to enable it. So it is just the other way around.

What I mean with not having reconsidered is that the potential change has not made it to either bookworm or trixie (too late now) and we have not seen other real interest to have it reversed.

In order to finally clean up our longstanding bugs, I have decided to close the bug, still with a clear note that if people feel strongly about the decision, to reopen the bug with an explanation on why a particular feature is still desired (this time maybe for Debian forky).

Hope this enlightens on the purpose of the bug closure.

Regards,
Salvatore