F40 Change Proposal: Systemd Security Hardening (System-Wide)

I kinda disagree with this point.

IIRC most of the specifications in Linux I have seen (outside of systemd there are the FreeDesktop.org ones, for example) seem to be made to be forwards-compatible, so they won’t fail if something that is added in a new version of the specification is read in a system that only understands an older version.
In those cases it seems the preferable choice is to just silently ignore the new option. I don’t know if systemd actually prints a warning (it would make sense because the unit files are critical to the system’s inner workings) but, assuming those warnings contain the unit file and the affected properties, I would guess a Google search would easily let the user figure out that it’s for a unit option added in a newer systemd version than the one the user’s system is running.

So, IMHO this is not as big of a drawback.

Agree, just like with the chrony example, there are tons of exceptions.

Hello folks,

Based on the feedback I have received so far, I have updated some sections including packaging guidelines, added a specific example and so on. I have added a summary of the feedback and some open questions in the wiki.