On Fri, Dec 09, 2011 at 02:27:25PM -0400, Joey Hess wrote: > Kees Cook wrote: > > Uhm, it wasn't something that made sense to forward to Debian until now, > > since it would have had nearly zero value without the apparmor package > > existing in Debian. > > In other words, Ubuntu got a feature in 2007, presumably due to its > ability to globally patch packages and hire experts. Ubuntu used this > as an advertising point for three years or so, but by now the benefit of > doing so has dried up, and now Ubuntu is left with all these patches -- > so shove them off to Debian to avoid further maintenance costs.
I feel like documenting the history of AppArmor in this bug is a waste of time, but I'm happy to debunk your interpretation of events if it helps. The short version is simple: - the Debian kernel team refused to take the AppArmor kernel patches because it wasn't in the mainline kernel. - AppArmor was carried by the Ubuntu kernel team because Ubuntu wanted it even if it wasn't going to be in Debian. - AppArmor was taken upstream. - I uploaded the apparmor userspace package to Debian since now Debian would soon have AppArmor. - the Debian kernel team decided that now AppArmor wouldn't be enabled in Debian because they did not want to have non-SELinux LSMs built into the kernel because it might waste a small amount of space in the in-memory images. - I mourn for my sanity, but continue extracting the pieces needed for AppArmor to function in Debian, with the hopes of solving the disabled LSM memory usage problems at some point in the future once LSM stacking has also been solved. And this gets us to here. There is no conspiracy. Perhaps it would help to explicitly point out that I don't work for Canonical? Would it help to point out that I'm a Debian Developer? To get us away from this metaphysical objection, is there some technical objection you have to what the dh_apparmor helper does? > I choose to not participate in activities that enable Ubuntu's feature > lifecycle. This makes no sense at all. All of Debian enables Ubuntu. All of Debian enables all of our derivatives. > All the Debian developers you've mentioned have the ability to put > dh_apparmor in Debian if they choose. So do I. It seemed best to put it in debhelper, so I made you a debdiff and then got attacked in a most unexpected way. -Kees -- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
