On Fri, May 9, 2025 at 11:27 AM Antonio Russo <aeru...@aerusso.net> wrote: > I'm tagging this bug as a security bug because it needlessly > starts a process that should not be running as root.
Have you sent your patch to the security contact at https://www.bluez.org/development/security-bugs/ yet? I wouldn't consider myself a security expert, but I don't think this is a security bug and that the importance you have set is too high. It is fairly rare in Debian to use ConditionUser=!root https://codesearch.debian.net/search?q=ConditionUser.*root&literal=0 That doesn't mean that we shouldn't make your requested change, but if this is a security vulnerability, then there could be thousands of similar vulnerabilities! We are effectively in Hard Freeze for Trixie so at this point I am leaning towards not requesting an unblock from the Debian Release Team to try to get this change into Trixie. Thank you, Jeremy Bícha
