https://bugzilla.novell.com/show_bug.cgi?id=757271
https://bugzilla.novell.com/show_bug.cgi?id=757271#c6
--- Comment #6 from Arjen de Korte
It might look so at the first view, but for various reasons bundling them in the apparmor-profiles package is the easier to handle solution. (One of the reasons is that all profiles come with the upstream AppArmor tarball.)
That may be a disaster waiting to happen. This means that if a patch is released for a security problem in Dovecot, there is no guarantee whatsoever that the AppArmor profiles will be updated if necessary. Apparently, apparmor-profiles is not part of the release process of a package (otherwise the missing Dovecot 2.0 profiles would have been spotted earlier on). I have been blissfully unaware of this so far, but now I'm starting to doubt if the added security AppArmor provides, is worth the risk of breaking the package it is supposed to protect. I've already seen several occasions in the past few months, where Dovecot stopped working because of insufficient rights granted to it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.