[apparmor] [patch 3/3] use capability rule class in aa.py and cleanprof.py

Steve Beattie steve at nxnw.org
Wed Dec 3 19:32:41 UTC 2014 

On Mon, Dec 01, 2014 at 11:37:14AM -0800, Seth Arnold wrote:
> On Sun, Nov 30, 2014 at 12:45:49AM +0100, Christian Boltz wrote:
> > > Second is that I think these changes are large enough to not be
> > > acceptable for 2.9.1, and that we should branch off 2.9.x before
> > > committing this patch set.
> 
> > You are right that the changes are quite big for a maintenance release. 
> > 
> > However there are some reasons that let me tend to include it in 2.9.x:
> > - as a side effect of the conversation to classes, we fix some bugs. 
> >   Maybe we even accidently ;-) fix some bugs we didn't even notice 
> >   before.
> > - the classes are fully covered by tests, which means the risk for 
> >   regressions is quite small (we can "only" break aa.py)
> > - we'll have a separate branch that we need to support with bugfixes if
> >   we don't include the rule classes in 2.9.x ;-)
> 
> I think I'd rather see "all these" (loosely used to refer to all the
> work you guys have put in the last few weeks) rolled into trunk before
> branching 2.9.x. These changes are rather more than the usual bug-fixes,
> true, but they are addressing the usability issues with the current code.
> 
> I'm afraid having a trunk and a 2.9 branch would blunt the current
> enthusiasm that appears to be very fruitful recently.

I get what you guys are saying, but:

  1) we've already had one iteration of the patch set that broke aa.py
     pretty thoroughly. (I grant that I've done more testing *and*
     the added testcases give more confidence in these changes.)

  2) in Ubuntu, we got burned pretty badly by incorporating the
     python utils into the 14.04 release when they really hadn't
     reached even quality parity with the perl tools.

So I'm perhaps a bit gun shy about rolling semi-significant changes
into the 2.9.x series.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141203/7dba7d25/attachment.pgp>

More information about the AppArmor mailing list