:: Re: [DNG] KUserFeedback
トップ ページ
このメッセージを削除
このメッセージに返信
著者: tito
日付:  
To: dng
題目: Re: [DNG] KUserFeedback
On Sun, 05 Sep 2021 11:07:59 +0000
g4sra via Dng <dng@???> wrote:

> On Sunday, September 5th, 2021 at 11:54 AM, tito via Dng <dng@???> wrote:
> > On Sun, 05 Sep 2021 10:18:15 +0000
> > g4sra via Dng dng@??? wrote:
> > > On Sunday, September 5th, 2021 at 11:15 AM, tito farmatito@??? wrote:
> > > > On Sun, 05 Sep 2021 08:54:14 +0000
> > > > g4sra via Dng dng@??? wrote:
> > > > > <--snip-->
> > > > > >     Comments and better ideas are welcome. 

>
> > > > > Apparmor
> > > > > Hi,
> > > > > the cure is worse than the disease ;-)
> > > > > How is Apparmor abusive ?
> > Hi,
> >
>
> > I'm not very fond of apparmor for various reasons:
> > 1. I experienced unexpected behavior of programs
>
> >     silently failing to do something (log, run, etc    

>
> >     because the apparmor profile was wrong/bugged
> > 2.  unless you study every code path in the program you want to   

>
> >     supervise the profiles used will not be safe but nobody really cares    

>
> >     (e.g. maintainer adds a profile that works with the default setup    

>
> >     of the distro (....if it really works))
> > 3.  if you use a customized setup of services or other programs     

>
> >     it is highly probable that the profiles will not work for you

> >
>
> >     Summary:

> >
>
> >     apparmor gets in the way of doing stuff and    

>
> >     in the end adds just one more software layer   

>
> >     with a million code lines and the inevitable     

>
> >     programming errors, so in my humble opinion     

>
> >     it just adds complexity (bad!) with no guarantee of improving     

>
> >     security (not so good!) and makes linux more    

>
> >     windows-like (worse!!).

> >
>
> >     Addendum:

> >
>
> >     Quis custodiet ipsos custodes?

> >
>
> >     What will be the next evolutionary step, will we need    

>
> >     a new layer that secures apparmor?

> >
>
> >     My Solution:

> >
>
> >     To avoid all of this trouble and reduce complexity I pin -1     

>
> >     apparmor in apt preferences, purge it and everything related    

>
> >     and disable it on the kernel command line with apparmor=0    

>
> >     and everything is smooth, understandable and reliable again    

>
> >     as it has been "in saecula saeculorum".

> >
>
> >     Ciao,

> >
>
> >     Tito

> >
>
> So to summarise...
> The answer to my question 'What is abusive about Apparmor ?' is "nothing".


The concept is abusive:

1) it is not KISS
2) it does not fix the underlying issues if there are any
3) who watches the watchdog?

Ciao,
Tito

>
> You don't like it because you find it overly complicated to configure.
> Better throw overly complicated to configure KDE4 out (and Xorg, and ALSA, and...) with the bathwater as well then, and then KUserFeedback becomes a non-issue.
>
>


I find them easier to configure than apparmor despite the fact they want to start to spy on me.

>
>
>
>
>
>