[Bug 828833] New: Apparmor has been Stripped from an Enormous Amount of Functionality
https://bugzilla.novell.com/show_bug.cgi?id=828833
https://bugzilla.novell.com/show_bug.cgi?id=828833#c0

Summary: Apparmor has been Stripped from an Enormous Amount of Functionality
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: AppArmor
AssignedTo: suse-beta@cboltz.de
ReportedBy: secure@aphofis.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0

Apparmor no longer has provision to set notifications.
Apparmor no longer has any provisions to generate reports.
Apparmor has had all its language and help support stripped to a single line of help text.
Without the help legends it's impossible to understand
If I set any profile to complain I can't call for its log via the traditional report writer that’s been left out.
The notification ability and options have been stripped.
Why leave functionality to create a profile when there's no report writer to know what it's doing
With all profiles set to enforce there is no report writer or 'readme' type application to know if apparmor is doing anything at all?

Reproducible: Always

Steps to Reproduce:
1. Yast>System and Security>Apparmor
2.
3.

Actual Results:
It cannot be confirmed that in its current state it does anything at all

Expected Results:
Put back the code, well most of it that did work the best in say v11.3???
I may be an old software analyst and DBA, but the fundamental of removing code outright that did work, even partially, is fundamentally wrong
WHY strip the code, even the bits that did work? We use to AppArmor as a Marketing and Advertisement about our positive product?

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=828833
https://bugzilla.novell.com/show_bug.cgi?id=828833#c1

Christian Boltz <suse-beta@cboltz.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |UPSTREAM

--- Comment #1 from Christian Boltz <suse-beta@cboltz.de> 2013-07-10 14:54:49 CEST ---

The problem with the old reporting code is: Yes, it DID work, but it DOES NOT work with current AppArmor versions. One of the reasons is major changes in the audit.log file format. Besides that, the old (upstream) reporting code is extremely hard to maintain (and needs a rewrite or replacement).

Nevertheless, I have to partially disagree with you. There IS support for notifications and reports, however it isn't available inside the YaST module anymore. You can use aa-notify to get desktop notifications or can set up an aa-notify | mail cronjob to get a daily or hourly summary (see "man aa-notify" for details). You can also use aa-genprof and aa-logprof (or their YaST interface) to create and update profiles. And finally, you can even read the raw /var/log/audit/audit.log ;-)

If you have specific requirements that aa-notify does not cover, feel free to ask upstream (see http://wiki.apparmor.net/index.php/Main_Page#Joining_AppArmor for IRC and mailinglist information). You can also raise the topic of getting notification support in the YaST module back, but I can't promise anything ;-)

From my POV as openSUSE package maintainer: yes, of course I'd like to have notification support in the YaST module again, but I won't be able to implement it and doubt someone else from (open)SUSE will do it. That's why I'm asking you to ask upstream. This also means I have to close this bug as WONTBEABLETOFIX ;-)

https://bugzilla.novell.com/show_bug.cgi?id=828833
https://bugzilla.novell.com/show_bug.cgi?id=828833#c2

Scott Couston <secure@aphofis.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |secure@aphofis.com

--- Comment #2 from Scott Couston <secure@aphofis.com> 2013-07-11 12:10:42 EST ---

Finally a common sense reply - Just for that I thank you Christian.

I am a little curious the reporting code was not updated when the strict Apparmor code was enhanced. I understand the changes to the audit log files, but surely without any reporting code how can you tell the whole Application works at all?

Your reply stating There IS support for notifications and reports, however it isn't available inside the YaST module anymore. ..If the application is executed or started or even exists in Yast the absence of any other code not available to the GUI means; It does not work...How would I explain that to a user we continually forget is using our product. If aa-notify is not on any UI it does not exist to the user and is superfluous and contributed nothing for our product to be used.

We have little choices to decide? Either Yast needs to be re-ported or dynamically exported into both KDE's and GNOME's control panel and totally removed OR Yast needs to dynamically import all the control functions from KDE and GNOME

With this being closed as upstream I need to sincerely ask you What is the Product we test, enhance, fix error etc. What IS the openSuse Product by definition...I know it's not anything to do with KDE or GNOME so what is the Product now that Yast is no longer in our Product. What are we all testing, developing, debugging, enhancing and creating as it's none of the above. I am not in Europe so I cannot understand the massive restrictions it brings.

In Bugzilla we need to remove ALL the DROP down list of components that are outside the scope of report creation in the first instance and who the bloody-hell IS UPSTREAM????

What IS our Product, What is OPENsuse?, What is SLED and what is SLES.

I think we are all looking at development from the completely wrong aspect - Just hear me out.

I can not think of there being any objection to paying a yearly fee for membership to opensuse. It does not need to be very much at all but for that to happen we need to see the following -

We need to go back to showing the amount of bugs open, closed and fixed per version in both a pictorial and text based image! It was a report that was written to extract this info from bugzilla and present it in each monthly news online. Someone will still have the bugzilla report command and options to achieve this. If we cannot show that bugs are dropping in number and more are being fixed, no one will want to contribute money, testing or fixing of the product. Any software development that never discusses this as priority 1 has never worked in software development

Massive subversions of 12.1,2,3,4 changed to Service Packs. The retooling for every release is not sustainable.

The developers actually use the software and the GUI only just as users see it whilst they develop or create and fix components. A few versions back we released a whole new version that had debug still left on for all of Yast's functions.

We need to define our Product and define its Scope and we need to give back to the members. With every new release we use to ship the active members a boxed set of New Product.

We need hidden credit lists of everyone's name who helped as members and active developers. This is often done in the market place but to bring the auto scroll list onscreen you just need to hide both its position and execution command keys

https://bugzilla.novell.com/show_bug.cgi?id=828833
https://bugzilla.novell.com/show_bug.cgi?id=828833#c3

--- Comment #3 from Christian Boltz <suse-beta@cboltz.de> 2013-07-11 23:14:34 CEST ---

(In reply to comment #2)
> I am a little curious the reporting code was not updated when the strict Apparmor code was enhanced.
The problem is that the reporting code is totally different from the code used for logprof etc. Does "maintenance hell" ring a bell for you? Additionally, due to some people (having to) leave Novell/SUSE some years ago, there was nobody who did the work. Nowadays most AppArmor developers are paid by Canonical, which is not really interested in YaST ;-)
> I understand the changes to the audit log files, but surely without any reporting code how can you tell the whole Application works at all?
The reporting module in YaST was just some nice sugar - but you can easily "earn" the "fruits" yourself in /var/log/audit/audit.log and use aa-status to get the "sugar" back ;-) (Technically, aa-status is completely different from the old reporting code, but it can give you similar results.)
> If aa-notify is not on any UI it does not exist to the user and is superfluous and contributed nothing for our product to be used.
I'd guess that most AppArmor users work on the shell (no, I don't have numbers about that) and actively avoid the GUI. Even if someone used the GUI in the past, I'd argue that someone who knows about AppArmor knows how to set up an aa-status cronjob. (AppArmor is nothing a typical newbie uses, at least a newbie isn't interested in modifying profiles or getting status reports.)
> We have little choices to decide? Either Yast needs to be re-ported or dynamically exported into both KDE's and GNOME's control panel and totally removed OR Yast needs to dynamically import all the control functions from KDE and GNOME
I'm quite sure the YaST developers are happy about every help they get. Besides that, we have a GSoC student who is working on rewriting logprof and genprof. The plan is to also update the logprof/genprof part of the YaST module. If there is time left, I can ask him if he can bring reporting back based on the new code (which will be shared for all AppArmor-related tools to avoid the "maintenance hell") - but I can't promise anything.
> With this being closed as upstream I need to sincerely ask you What is the Product we test, enhance, fix error etc. What IS the openSuse Product by definition...I know its not anything to do with KDE or GNOME so what is the Product now that Yast is no longer in our Product.
YaST is still an openSUSE product, but the manpower to maintain it is limited. (Sorry, "perfect world 1.0" with unlimited number of developers was not released yet ;-) Besides that - yes, most parts of openSUSE are based on upstream code (for example KDE and GNOME). That's a good thing because the maintenance is done by more people (from upstream and various distributions, including openSUSE).
> In Bugzilla we need to remove ALL the DROP down list of components that are outside the scope of report creation in the first instance
Now you are exaggerating ;-) The openSUSE developers are the first instance for bugreports - but in some cases you'll be pointed to upstream, or the openSUSE developer will submit your bugreport upstream. That's normal (and always was). To give you an example - before including any fix in the AppArmor package, I usually contact the upstream developers and show them the bugreport and the fix. This often results in a better fix, and also makes sure the fix is included in the upstream code (otherwise I'd have to keep and maintain the patch forever in the openSUSE package). I'm quite sure other openSUSE developers work in a similar way.
> and who the bloody-hell IS UPSTREAM????
For AppArmor: The people on the AppArmor mailinglist (see my previous comment for a link) who do the AppArmor development.
> What IS our Product, What is OPENsuse?, What is SLED and what is SLES.
> I think we are all looking at development from the completely wrong aspect - Just hear me out.
Your idea sounds interesting, but
a) "openSUSE Member" is a reward for active contributors (most of them are not getting paid), see http://en.opensuse.org/Members . I don't think we'll change this - especially not to something that includes paying money. They already pay with their time (BTW: this includes me)
b) this means your proposal needs another name ;-) (maybe call it "supporter")
c) all that is totally out of scope in this bugreport - if you want to discuss it further, please do it on the opensuse-project mailinglist.

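A minimal version of the report that comments #1 and #3 say can be recovered from the raw /var/log/audit/audit.log, as an added example (not code from this thread or from the AppArmor project). It counts events per profile and separates enforce-mode denials (`apparmor="DENIED"`) from complain-mode hits (`apparmor="ALLOWED"`); the sample log lines, profile names and paths are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the AppArmor audit.log format (not from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1373460889.532:812): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/etc/shadow" pid=2301 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=74 ouid=0
type=AVC msg=audit(1373460901.118:813): apparmor="ALLOWED" operation="mknod" parent=1 profile="/usr/bin/example" name=2F746D702F6D792066696C65 pid=2410 comm="example" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1373460950.007:820): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/etc/shadow" pid=2301 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=74 ouid=0
type=SYSCALL msg=audit(1373460950.007:820): arch=c000003e syscall=2 success=no exit=-13 pid=2301 comm="ntpd"
type=AVC msg=audit(1373461000.400:830): apparmor="STATUS" operation="profile_load" name="/usr/sbin/ntpd" pid=2500 comm="apparmor_parser"
"""

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# auditd hex-encodes values containing spaces or control characters and drops the quotes.
HEX_FIELDS = {"name", "profile", "comm"}

def parse_event(line):
    """Return a dict for an AppArmor DENIED/ALLOWED record, else None."""
    if 'apparmor="' not in line:
        return None
    ev = {}
    for key, raw, quoted in FIELD.findall(line):
        if raw.startswith('"'):
            ev[key] = quoted
        elif key in HEX_FIELDS and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
            ev[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            ev[key] = raw
    return ev if ev.get("apparmor") in ("DENIED", "ALLOWED") else None

def summarize(text):
    """Count events by (mode, profile, operation, name, denied_mask)."""
    counts = Counter()
    for line in text.splitlines():
        ev = parse_event(line)
        if ev:
            mode = "enforce" if ev["apparmor"] == "DENIED" else "complain"
            counts[(mode, ev.get("profile", "?"), ev.get("operation", "?"),
                    ev.get("name", "?"), ev.get("denied_mask", "?"))] += 1
    return counts

def report(counts):
    """Render the counters as text, most frequent event first."""
    return "\n".join(f"{n:4d}  {mode:8s} {prof}  {op} {name} ({mask})"
                     for (mode, prof, op, name, mask), n in counts.most_common())

if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```
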
https://bugzilla.novell.com/show_bug.cgi?id=828833
https://bugzilla.novell.com/show_bug.cgi?id=828833#c4

--- Comment #4 from Scott Couston <secure@aphofis.com> 2013-07-12 11:05:16 EST ---

Thank you for the first really gut wrenching answers to come out of the project. Sure being here in .AU our use of English its very different and sometimes comes across as being harsh...Bugger!!!

I have the unique ability to test product on a totally offline LAN that does not go anywhere near my online LAN usage and it's all X_64...I suppose that helps testing

Tell me how I can actively help offline...You have my email address. Right at the moment I have 'apper' leaking and behaving like the titanic, I can write the case history to demonstrate most all of its huge failures that God I hope we don't ship with SLES or SLED...This will cause problems of biblical proportions in due course if it is included in either or both.

Tell me how I can actively help you offline...This avenue has always been available...We may use English a little different than the UK/US but I've lived and worked in both places to know how it's often taken the wrong way:-)

Scott

https://bugzilla.novell.com/show_bug.cgi?id=828833
https://bugzilla.novell.com/show_bug.cgi?id=828833#c5

--- Comment #5 from Christian Boltz <suse-beta@cboltz.de> 2013-07-15 00:13:44 CEST ---

(In reply to comment #4)
> I have 'apper' leaking and behaving like the titanic, I can write the case history to demonstrate most all of its huge failures that God I hope we dont ship with SLES or SLED...This will cause problems of biblical proportions in due course if it is included in either or both.
Apper is good - compared to ZMD and Zen Updater we had in 10.1 and SLE10 ;-) (Note that I'm not saying it's perfect ;-) - I know there is still room for, hmmm, improvement.)
> Tell me how I can actively help you offline...
Unfortunately I don't have the time for this because I already have too many things on my ToDo list (both offline and online). Really, please ask on the mailinglists (opensuse-factory for technical stuff) if you want to help. http://en.opensuse.org/Portal:Teams might give you some good starting points ;-) If you want (and have some programming knowledge), you can also choose your "favorite" bug, fix it (that's often, but not always, the most difficult part ;-) and submit the fix to the developers via a submit request.

https://bugzilla.novell.com/show_bug.cgi?id=828833
https://bugzilla.novell.com/show_bug.cgi?id=828833#c6

--- Comment #6 from Scott Couston <secure@aphofis.com> 2013-07-15 12:06:54 EST ---

> > Tell me how I can actively help you offline...
> Unfortunately I don't have the time for this because I already have too many things on my ToDo list (both offline and online).
Done! Joined KDE-integration List