After a discussion started on debian-devel a year ago, AppArmor has been enabled by default in testing/sid since November 2017 as an experiment. We'll soon need to decide whether Buster ships with AppArmor by default or not. Clément Hermann and yours truly have hosted a BoF at DebConf18 in order to gather both subjective and factual data that can later be used to:

  1. draw conclusions from this experiment;
  2. identify problems we need to fix.

About 40 people attended this BoF; about half of them to participated actively, which is better than I expected even though I think we can do better.

  1. Report from the AppArmor BoF at DebConf18
  2. Opting-in or -out
  3. Sticky notes party
    1. Process
    2. Output
  4. Open discussion
  5. Meta

Opting-in or -out

We started with a show of hands:

Sticky notes party

We had a very dynamic collaborative sticky notes party aiming at gathering feeling and ideas, in a way that let us identify which ones were most commonly shared among the attendees.

Process

We asked the participants to write down their answers to the following questions on sticky notes (one idea per post-it):

Then we de-duplicated and categorized the resulting big pile of post-its together on a whiteboard. Finally, everyone got the chance to "+1" the four ideas/feelings they shared the most.

Output

If you're curious, here's what the whiteboard contained at the end.

Here are the conclusions I draw from this data:

I will update/file bug reports to reflect these conclusions.

Open discussion

Finally, we had an open discussion, half brainstorming ideas and half "ask me anything about AppArmor". For the curious, I've compiled the notes that were taken by Clément Hermann.

Meta

I want to thank:

The feedback I got about the sticky notes party format was very positive: a few attendees told me it made them feel more part of the decision making process. Credits are due to Gunner for the inspiration!

If you attended this BoF and want to share your thoughts about how it went, I'm all ears → intrigeri@debian.org :)