Lennart Poettering <mzerqung(a)0pointer.de> wrote:
On Thu, 02.06.16 18:00, Sam Varshavchik (mrsam(a)courier-mta.com)
> The rogue spambout in question can simply talk to systemd itself, and
> arrange for it not to be killed when the user logs out.
Yes, the default policy we ship is friendly, and
says that users can stick around if they want, via lingering
And therefore the change that is being debated in this thread – the
default value of KillUserProcesses – does not change anything security-
wise, right? There already was, and there still is, a feature that
sysadmins can opt in to use to enforce an unusually strict policy if
they want, but there has not been, is not, and will not be such a
policy be default, right?
If that's the case, then can we please stop talking about security and
instead debate the usability aspects of this change?