Re: [gentoo-dev] [PATCH v3] glep-0081: User and group management via dedicated packages

[David Seifert <soap@gentoo.org>]

On Fri, 2019-06-21 at 15:02 +0300, Andrew Savchenko wrote:
> On Fri, 21 Jun 2019 09:18:23 +0200 David Seifert wrote:
> > On Fri, 2019-06-21 at 08:59 +0300, Andrew Savchenko wrote:
> > > On Thu, 20 Jun 2019 16:32:56 +0200 Michał Górny wrote:
> > > > On Thu, 2019-06-20 at 09:53 -0400, Brian Evans wrote:
> > > > > On 6/9/2019 7:39 AM, Michał Górny wrote:
> > > > > > +Tracking of user/group usage is done through
> > > > > > dependencies.  As
> > > > > > long
> > > > > > +as any installed package depends on a specific user/group
> > > > > > package,
> > > > > > +the respective user/group is assumed to be used.  If no
> > > > > > package
> > > > > > +requiring the specific user/group is left, the package
> > > > > > manager
> > > > > > +automatically prunes the package clearly indicating it is
> > > > > > no
> > > > > > longer
> > > > > > +used.
> > > > > 
> > > > > You cannot know when a name is "no longer used".  An
> > > > > administrator could
> > > > > have adopted a username for other purposes.
> > > > 
> > > > That's why we don't remove the actual user/group.  However,
> > > > this is
> > > > a valuable information to the administrator that no package is
> > > > using
> > > > the user/group in question.
> > > 
> > > So how do you propose to clean them up? Or let user systems trash
> > > with unused uids/gids? The GLEP 81 only mensions some possible
> > > tooling for cleanup. Is there an implementation available? I
> > > don't
> > > see it within proposed patch sets.
> > > 
> > > This GLEP should not be accepted unless all necessary tools are
> > > available including a cleanup tool.
> > > 
> > > Best regards,
> > > Andrew Savchenko
> > 
> > Strongly disagree:
> > 
> > 1) User systems are already getting trashed. And apparently it's
> > not a
> > critical thing that prevents users from using Gentoo in practice.
> > 2) A cleanup tool at best will only tell you which files you need
> > to
> > check, randomly deleting files with orphaned uids/gids is not a
> > good
> > idea.
> 
> What will happen when some acct-*/* package will be unmerged? Will
> uid/gid record and/or its files be deteleted?
> 
> > 3) This proposal strictly increases the quality of Gentoo. Don't
> > let
> > perfect be the enemy of the good. The fact that the problem isn't
> > solved to 100% doesn't mean that a solution that gets us there 85%
> > should be rejected.
> > 
> > Strongly vote +1 to merge this now.
> > 
> > 
> 
> Best regards,
> Andrew Savchenko

They will remain orphaned on the file system. So again, this is in no
way worse than the status quo, and given that users/groups will be
managed through a package manager, tracking orphaned uids/gids is a lot
better with this proposal.