Hi Salvatore, I'm not entirely sure how to reply to this.I feel strongly about this issue; that's why I opened the bug in the first place.
Salvatore Bonaccorso wrote:
Let me try to be more verbose. There are the mentioned issues in the bug which explain why in Debian the decision was to disable yama by default (instead of having enabled it by default), which are related to debugging. It does not mean that users cannot take advantage of the Yama protection, but the sysctl know need to enable it. So it is just hte other way around.
Well, yes, thanks for correcting Tobias, but I don't think this is a good default. Almost no users will enable this setting, because they won't know that it exists. I know about the line in dmesg but I really doubt that people are going to read their dmesg line by line and search for possible options.
Also, most users probably won't debug applications.
What I mean with not having reconsidered is that the potential change has not made it to neither bookworm, nor trixie (to late now) and we have not seen other real interest to have it reversed.
Sorry, but this is a circular argument. "We're not doing it because we haven't done it yet."
Cheers, Niklas
OpenPGP_signature.asc
Description: OpenPGP digital signature
