It is my first message, and so, I would thank everyone for the pretty good work for this distribution, this is pure love.
I would like to know the what is the idea behind installing Firejail by default.
At first, I saw “SUID program” and “written in C” as the two first statements on the website, and I can confess that I am since a little bit anxious about that. After that, I took a look at existing CVEs in previous versions, and I was not reassured at all.
I am trying to understand the choice beyond that.
One argument that I have found: if there is no unfixed known vulnerability, that can add a significant challenge to the intruder.
However, the software is using one of the most “harder to secure” language and the one of the most sensitive permission setting available.
There is something else that I could take in consideration?