Re: Preparing Debian for using capabilities: file ownership.

[Nicolás Lichtmaier <nick@debian.org>]

>  Nicolás>  That's because root will be just another user, with its set of
>  Nicolás> capabilities, and you may like to prevent him from altering
>  Nicolás> system files.
> 
>  Nicolás> As this is a major change, we'd better start now. This will
>  Nicolás> also help people who want to implement a capabilities setup
>  Nicolás> before we do...
> 
>  Nicolás>  Do you like this? Do I send a "formal proposal"?
> 
>  	Umm, before we start proposing this, we should ahve a pilot
>  project, and have a few machines, including some running servers,
>  that run like this, and see what breaks. We can then rty changing a
>  few common packages to work like this, working out details of any
>  conversion protocol requirements, if any. 
> 
> 	In other words, test and proitotype first. _Then_ we change policy. 

 The only thing that could break is package updating, because it's the only
thing that writes into those files. And it won't, because dpkg run as root,
and root can now write to a file he doesn't own without any problem.