From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 75C7B138334 for ; Tue, 10 Dec 2019 16:25:49 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2EADAE09E5; Tue, 10 Dec 2019 16:25:46 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D82CAE09D4 for ; Tue, 10 Dec 2019 16:25:45 +0000 (UTC) Received: from [192.168.1.100] (c-98-218-46-55.hsd1.md.comcast.net [98.218.46.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mjo) by smtp.gentoo.org (Postfix) with ESMTPSA id B581934D4FC for ; Tue, 10 Dec 2019 16:25:44 +0000 (UTC) Subject: Re: [gentoo-dev] [RFC] Revisiting GLEP 81 (acct-*) policies (reviews, cross-distro syncing) To: gentoo-dev@lists.gentoo.org References: <84a435bffe460efd2620ceec0c0405fa18a7937b.camel@gentoo.org> <6f1dc9b3-e13e-1186-f75a-51615db505d3@gentoo.org> <30a13c94-55e4-6a8a-d10e-ba3b802fb93a@gentoo.org> From: Michael Orlitzky Message-ID: <8c682244-3014-6b4a-7838-58ab63c5840a@gentoo.org> Date: Tue, 10 Dec 2019 11:25:42 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <30a13c94-55e4-6a8a-d10e-ba3b802fb93a@gentoo.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Archives-Salt: 22f8ba00-7cb5-4dd8-ab20-fe6c986faa8c X-Archives-Hash: e48d1a3226448f4c9bbe4c48a8e6975a On 12/10/19 11:05 AM, Joonas Niilola wrote: > > I was more thinking along sys admins being able to modify their acct- > ebuilds with static numbers. If you're bind-mounting already, why not > bind your portage (or local overlay) to children as well. 2 minute more > work for those who need it, but a lot easier to everyone else who don't > care :) > For most people, it's more convenient if the users/groups have the same IDs on every system, but they don't actually care what those IDs are. That's why it is the way it is, where developers pick basically any ID, write it down, and hard-code it in the ebuild. (Cross-distro compatibility is a stretch, but if we can make it work easily in some cases then I don't see any harm in trying.) If you need a specific ID, then by design you can make a new revision of the ebuild in an overlay and tell the eclass to enforce your special ID. But what we don't want is to force *every* user to create his own overlay with *every* acct- ebuild just to get the same IDs on two machines, since that's the sensible thing to do in the first place. In any case, the collisions aren't why I supported mailing list review. Users and groups are the most fundamental concept in UNIX security, and the review requirement just reflects my belief that we can take a day or two to make sure that we get them right.