> > Actually, I'd like to hear about why the kernel developers were > shocked about our use of capabilities. Could you expand on that? > > Taybin > Taybin, I wish I could, but thinking that it would likely be of little interest to me I tuned out pretty quickly. There wasn't a lot of discussion as I remember it. A number of people were using generic words like 'dangerous' or 'stupid', but frankly it didn't matter to me as this is the only game in town. What choice do I have anyway? There was no additional concern about actually running apps like Ardour or Rosegarden as root vs. using capabilities. They hated that sort of answer also. It was really that they didn't think any of this should run as root. TO BE CLEAR - I have no issue with this one way or the other. I understand I'm taking my chances. I'm OK with that. I will say that the other day I quickly tried Rosegarden with Jack and as soon as I connected an audio track in Rosegarden to a 'Jack Audio' stream the machine was locked up hard and nothing but a hard reset would bring it back. THERE ARE RISKS. (My apologies to Guillaume, Chris or Rich for bring that up here before signing up for their lists again.) If I had to venture a guess it was probably more that some 'intentionally bad' application could be written to take advantage of a machine that had a kernel patched for capabilities, and not specifically that jackstart itself was a problem. I would suspect that a number of developers would not be particularly concerned with this, but I'll make the observation that I quickly counted more than 40 Jack applications on the web site this morning. What percentage of those have actually been tested using a capabilities based kernel, and what assurance does a user like me have that one of them doesn't do an rm / intentionally or by mistake? As this list grows to 100 or 200 apps, how will I - as a user, not a developer - be protected against something like this? Please remember, that's just my guess and does not represent anyone's true reasons. Mark