From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 0A1D1158086 for ; Mon, 29 Nov 2021 05:05:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8C6982BC06C; Mon, 29 Nov 2021 05:05:42 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B3630E08A2 for ; Mon, 29 Nov 2021 05:05:41 +0000 (UTC) From: Sam James Content-Type: multipart/signed; boundary="Apple-Mail=_8F2311EC-F35C-4F7B-982D-473CE1271830"; protocol="application/pgp-signature"; micalg=pgp-sha512 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\)) Subject: Re: [gentoo-dev] rfc: allow -1 for ACCT_USER_ID and ACCT_GROUP_ID in ::gentoo Date: Mon, 29 Nov 2021 05:05:36 +0000 References: <4accff715fedc3c142bdb67e4b52cfc0cfd6bb4a.camel@gentoo.org> <8B541414-A752-4668-AA72-EC3AEEC870C3@gentoo.org> To: gentoo-dev@lists.gentoo.org In-Reply-To: Message-Id: <121470D9-30EF-43FC-B085-6C51AE6C0496@gentoo.org> X-Mailer: Apple Mail (2.3693.20.0.1.32) X-Archives-Salt: 57211e15-c390-4a9f-88c8-14b9594cbf25 X-Archives-Hash: 33bd333060cd0af3f1bf315f81c2ff37 --Apple-Mail=_8F2311EC-F35C-4F7B-982D-473CE1271830 Content-Type: multipart/alternative; boundary="Apple-Mail=_918EA797-CDB0-4EBF-AE7F-7CDD6184992B" --Apple-Mail=_918EA797-CDB0-4EBF-AE7F-7CDD6184992B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 29 Nov 2021, at 00:06, Michael Orlitzky wrote: >=20 > On Sun, 2021-11-28 at 23:39 +0000, Sam James wrote: >>=20 >> Whissi and others raised some points that I think you may have some = views on >> (and I'm interested in hearing them). >>=20 >=20 > I don't want to put words in his mouth, but I think Whissi takes issue > with using the package manager to manage users, period. Not > specifically with our use of a UID/GID hint. >=20 > I didn't respond to the first thread because I didn't want to pick a > fight when the correct conclusion (IMO) was already reached. In the > first thread I see only hypothetical problems raised (and a bunch of > people who didn't realize the numbers are only a hint). If any of = those > problems are real and solved by allowing ACCT_USER_ID=3D-1 in = ::gentoo, > you'll have to point them out. >=20 Yeah, that seems like a fair interpretation (and matches my = understanding). I don't really see the problem with people who want manual = administration just setting the relevant variables in make.conf. What I wish we had done (and there's still time to do, albeit belated -- it's still useful for the remaining big bits like Apache and nginx) is write a news item explaining the implications and linked to a page like = https://wiki.gentoo.org/wiki/Practical_guide_to_the_GLEP_81_migration = (which ConiKost created after we discussed how to inform users better) that explains how to work around/express their preferences/give their = own hints. Sorry, I should've been explicit. The main thing I'd like to understand = better from your POV is: this isn't new, but you're quite clear you feel that the UID/GID range = limitations are completely arbitrary and without merit(?). Whissi essentially says the opposite: = https://archives.gentoo.org/gentoo-dev/message/17a22877f5f18dae44a2f0859d8= 07450 = . I'd like to understand if this is just a result of beliefs about what = the PM should/shouldn't do or if there's genuine problems with continuing to extend the range? I think I'd like to see sources on various UID ranges being hardcoded in = places as I suspect any such software may have dubious quality anyway, but that's = on him, not you. It still seems like in terms of interoperability, there's little impact: folks can force whatever UIDs/GIDs they want. It's not like the = situation was any better with dynamic allocation unless you installed in exactly the = right order (so some precise setup wasrequired in the past anyway, the difference is = now you explicitly state what you want if you need it). Best, sam --Apple-Mail=_918EA797-CDB0-4EBF-AE7F-7CDD6184992B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

On 29 Nov 2021, at 00:06, Michael Orlitzky <mjo@gentoo.org> = wrote:

On Sun, 2021-11-28 at 23:39 +0000, Sam James wrote:

Whissi = and others raised some points that I think you may have some views on
(and I'm interested in hearing them).


I don't want to put words in his = mouth, but I think Whissi takes issue
with using the = package manager to manage users, period. Not
specifically = with our use of a UID/GID hint.

I didn't = respond to the first thread because I didn't want to pick a
fight when the correct conclusion (IMO) was already reached. = In the
first thread I see only hypothetical problems = raised (and a bunch of
people who didn't realize the = numbers are only a hint). If any of those
problems are = real and solved by allowing ACCT_USER_ID=3D-1 in ::gentoo,
you'll have to point them out.


Yeah, that = seems like a fair interpretation (and matches my = understanding).

I don't really see = the problem with people who want manual administration
just = setting the relevant variables in make.conf.

What I wish we had done (and there's still time to = do, albeit belated --
it's still useful for the remaining big = bits like Apache and nginx) is
write a news item explaining = the implications and linked to a page
(which ConiKost created after we discussed how to = inform users better)
that explains how to work around/express = their preferences/give their own hints.

Sorry, I should've been explicit. The main thing = I'd like to understand better
from your POV is:

this isn't new, but you're quite clear you feel = that the UID/GID range limitations
are completely arbitrary = and without merit(?). 


I'd like to = understand if this is just a result of beliefs about what the PM = should/shouldn't do
or if there's genuine problems with = continuing to extend the range?

I = think I'd like to see sources on various UID ranges being hardcoded in = places as
I suspect any such software may have dubious quality = anyway, but that's on him,
not you.

It still seems like in terms of interoperability, = there's little impact:
folks can force whatever UIDs/GIDs they = want. It's not like the situation was
any better with dynamic = allocation unless you installed in exactly the right order
(so = some precise setup wasrequired in the past anyway, the difference is now = you
explicitly state what you want if you need = it).

Best,
sam
= --Apple-Mail=_918EA797-CDB0-4EBF-AE7F-7CDD6184992B-- --Apple-Mail=_8F2311EC-F35C-4F7B-982D-473CE1271830 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEYOpPv/uDUzOcqtTy9JIoEO6gSDsFAmGkX6BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYw RUE0RkJGRkI4MzUzMzM5Q0FBRDRGMkY0OTIyODEwRUVBMDQ4M0IACgkQ9JIoEO6g SDslmAgApzd10acXgBiIxpaHo4Q5HRUaAAq0025UnSqt5ZMPy+FLSWW1cLbPvfN6 TYCOZp4Sdgpli+6ivbmSUN9Wc8bFd3FeaRR+Z0F9SmnNc/KCRO3k+DDxQyEroK3x H9XqPCmlNyzjoooUuteDZFviENaLEpUdamzCNXU0lM2wR7jNiOBx7MgEgfO5opY5 fgoGlvd7zoBImrjIxkQjCDzHvDPHGrSKuJgInzXE78i4p7TfC6TbdljbRIzr1fuu nBtqbA0wvKAMWpnEdbpA6hoeLswU1TJixx9n0YorkvvfL4WWux4Ly5Hg1IQDJYRS CWi+7Q36T7JsbDcEgmtkVe+7gmbUBw== =Vs+4 -----END PGP SIGNATURE----- --Apple-Mail=_8F2311EC-F35C-4F7B-982D-473CE1271830--