[pkg-aa-profiles-team] [apparmor] License and copyright of ~apparmor-dev/apparmor-profiles?

Wed Aug 20 09:06:55 UTC 2014

Hi,

[re-adding pkg-aa-profiles-team@ into the loop, as I suspect that at
least Holger doesn't read the AppArmor ML yet.]

Jamie Strandboge wrote (20 Aug 2014 03:46:57 GMT) :
> What package is being uploaded? Is this a separate apparmor policy package from
> the apparmor source package itself?

Yes. It's called apparmor-profiles-extra. It's waiting in the NEW
queue, and we won't nag ftp-masters about it until the copyright and
license have been clarified upstream.

> If so (and forgive me if I am misinterpreting-- I'd just like to make sure that
> this is discussed here),

Well... it's been discussed here a bit a while ago already.

I won't have time to reply in depth to the rest of your email before
DebConf, but I kindly invite you to re-read the email I've sent to
this very mailing-list 1.5 years ago:

  https://lists.ubuntu.com/archives/apparmor/2014-January/004876.html

In there, I explained my rationale for going this way, and was seeking
for feedback. You replied to that email "I'd recommend that the
apparmor-profiles-extra package be a separate source package in
Debian". This is exactly what we've been working on since then.

So, while the longer-term cross-distro collaboration plans can surely
be rediscussed, and are being rediscussed, I think that it's way too
late, in this Debian release cycle, to revisit the decision of
shipping a few additional profiles in a separate package in Jessie, as
opposed to adding them into the individual affected packages.

Note that there are currently 4 profiles in the proposed package.

 * 2 of them (irssi, Pidgin) come straight from the apparmor-profiles
   repo; the irssi one will likely be moved to the irssi package
   before the Jessie freeze (yeah, we're also trying to go this way
   when the maintainer is OK with it);
 * 2 of them (Evince, tcpdump) come from individual Ubuntu packages.

I want to add the Totem profile from apparmor-profiles before the
freeze. I think that's all what we're gonna ship in there in Jessie,
so if it's really problematic, then the problem is quite small,
localized, and easy to fix if we change strategy :)

> Ubuntu has already pushed policy into Debian packages somewhat, but there is
> more to be done.

I *don't* want to throw stones at anyone, but I've seen very little
progress on this front since I'm involved in AppArmor. I think
a reality check is warranted, to make sure that we're speaking of the
same thing. Here's the full list of profiles that landed from Ubuntu
in the Jessie release cycle, as far as I know:

  * bind9: I thinks this one truly was pushed by Ubuntu, thanks to the
    package being collaboratively maintained between our two distros :)
  * cups: I had the profiles (trivially) enabled in the Debian package
    (Debian#735313); all it took was dropping a "if Ubuntu".
  * mysql-5.5: I nagged people into removing the "if Ubuntu" bits
    (Debian#736087), and then Ubuntu folks did most of the work.
  * libvirt, mostly thanks to Felix Geyer for pushing/adapting things.
    I'm now nagging the people who introduced the Ubuntu delta into
    pushing it into Debian.
  * LXC profiles from upstream (i.e. mostly Ubuntu): can't work in
    a distro that doesn't patch the kernel heavily, as it relies on
    dbus, signal, ptrace and mount rules.
  * lightdm profiles from upstream (i.g. mostly Ubuntu): the Debian
    maintainer initially included it as-is, but they didn't parse
    since they relied on newer AppArmor features; I had to fix it.

So, sure enough, stuff did come in, but that's not exactly what
I would call "Ubuntu pushing policy into Debian". I hope you can now
better see from what perspective I'm looking at these things :)

Anyway: thanks for your work, no bad feelings here.

Cheers!
-- 
intrigeri