[gentoo-dev] [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[gentoo-dev] [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[Sam James]

Signed-off-by: Sam James <sam@gentoo.org>
---
 ...05-08-openssh-configuration-changes.en.txt | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 2023-05-08-openssh-configuration-changes/2023-05-08-openssh-configuration-changes.en.txt

diff --git a/2023-05-08-openssh-configuration-changes/2023-05-08-openssh-configuration-changes.en.txt b/2023-05-08-openssh-configuration-changes/2023-05-08-openssh-configuration-changes.en.txt
new file mode 100644
index 0000000..ffc9509
--- /dev/null
+++ b/2023-05-08-openssh-configuration-changes/2023-05-08-openssh-configuration-changes.en.txt
@@ -0,0 +1,27 @@
+Title: OpenSSH directory configuration changes
+Author: Sam James <sam@gentoo.org>
+Posted: 2023-05-08
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: >=net-misc/openssh-9.3_p1-r1
+
+Gentoo's OpenSSH package will start using the /etc/ssh/sshd_config.d
+and /etc/ssh/ssh_config.d directories for both Gentoo default settings
+and use by the administrator.
+
+The default /etc/ssh/sshd_config and /etc/ssh/ssh_config files will
+respectively include configuration files in /etc/ssh/sshd_config.d/* and
+/etc/ssh/ssh_config.d/*, making it possible for all customization and
+configuration to be done via 'drop-in' files if desired.
+
+Most users will not need to take any action. The only action required
+is if specific Gentoo defaults were overridden in the past, as the new
+ebuilds will install them to new files in the new listed directories.
+
+Such admins will need to edit the new files in the new directories or
+make overrides in their own files in the new directories using a higher
+number in the filename.
+
+For example, if the system administrator has commented out 'AcceptEnv COLORTERM'
+in /etc/ssh/sshd_config, they will need to do the same in the new
+/etc/ssh/sshd_config.d/90gentoo.conf file.
-- 
2.40.1

Re: [gentoo-dev] [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[Ulrich Mueller]

[-- Attachment #1: Type: text/plain, Size: 792 bytes --]

>>>>> On Mon, 08 May 2023, Sam James wrote:

> +++ b/2023-05-08-openssh-configuration-changes/2023-05-08-openssh-configuration-changes.en.txt

https://www.gentoo.org/glep/glep-0042.html#news-item-identities
"This identifier will be in the form yyyy-mm-dd-short-name [...].
The short-name is a very short name describing the news item
(e.g. yoursql-updates) [...]. While there is no hard restriction on
the length of short-name, limiting it to 20 characters is strongly
recommended."

(This is not addressed at your news item in particular, but I observe
a tendency for the short-names to becomer longer and longer. Here,
"2023-05-08-openssh-config" or "2023-05-08-openssh" would be perfectly
fine, as it is unlikely that we will have another news item about
openssh on the same day.)

Ulrich

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]

Re: [gentoo-dev] [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[Matt Turner]

On Mon, May 8, 2023 at 1:04 PM Ulrich Mueller <ulm@gentoo.org> wrote:
>
> >>>>> On Mon, 08 May 2023, Sam James wrote:
>
> > +++ b/2023-05-08-openssh-configuration-changes/2023-05-08-openssh-configuration-changes.en.txt
>
> https://www.gentoo.org/glep/glep-0042.html#news-item-identities
> "This identifier will be in the form yyyy-mm-dd-short-name [...].
> The short-name is a very short name describing the news item
> (e.g. yoursql-updates) [...]. While there is no hard restriction on
> the length of short-name, limiting it to 20 characters is strongly
> recommended."

But why? We're not concerned about file system limits, are we?

[gentoo-dev] Re: [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[James Cloos]

>>>>> "SJ" == Sam James <sam@gentoo.org> writes:

SJ> +Such admins will need to edit the new files in the new directories or
SJ> +make overrides in their own files in the new directories using a higher
SJ> +number in the filename.

given that openssh uses first-wins rather than last-wins, should than
not be 'smaller number'?

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6

Re: [gentoo-dev] Re: [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[Sam James]

[-- Attachment #1: Type: text/plain, Size: 421 bytes --]


James Cloos <cloos@jhcloos.com> writes:

>>>>>> "SJ" == Sam James <sam@gentoo.org> writes:
>
> SJ> +Such admins will need to edit the new files in the new directories or
> SJ> +make overrides in their own files in the new directories using a higher
> SJ> +number in the filename.
>
> given that openssh uses first-wins rather than last-wins, should than
> not be 'smaller number'?

Yes, I'll fix that up locally, thanks

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 377 bytes --]

Re: [gentoo-dev] [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[Ulrich Mueller]

[-- Attachment #1: Type: text/plain, Size: 927 bytes --]

>>>>> On Mon, 08 May 2023, Matt Turner wrote:

>> > +++ b/2023-05-08-openssh-configuration-changes/2023-05-08-openssh-configuration-changes.en.txt
>> 
>> https://www.gentoo.org/glep/glep-0042.html#news-item-identities
>> "This identifier will be in the form yyyy-mm-dd-short-name [...].
>> The short-name is a very short name describing the news item
>> (e.g. yoursql-updates) [...]. While there is no hard restriction on
>> the length of short-name, limiting it to 20 characters is strongly
>> recommended."

> But why? We're not concerned about file system limits, are we?

No, the FS limit will kick in much later.

However, eselect news may truncate identifiers whose short name is
longer than 30 chars, in situations where the identifier is shown to
users (e.g. for removed news items).

So, it's not a hard limit and nothing will really break, but there's
some incentive to keep these names concise.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]

[gentoo-dev] Re: [PATCH v2] 2023-05-08-openssh-configuration-changes: add item

[Duncan]

Sam James posted on Mon, 08 May 2023 19:44:18 +0100 as excerpted:

> James Cloos <cloos@jhcloos.com> writes:
> 
>>>>>>> "SJ" == Sam James <sam@gentoo.org> writes:
>>
>> SJ> +Such admins will need to edit the new files in the new directories or
>> SJ> +make overrides in their own files in the new directories using a higher
>> SJ> +number in the filename.
>>
>> given that openssh uses first-wins rather than last-wins, should than
>> not be 'smaller number'?
> 
> Yes, I'll fix that up locally, thanks

Are these "numbers" truly (suppressed-leading-zero-)numeric-order-parsed?

Does 9-xxx come before or after 80-xxx ? 
Would it need to be 09-xxx (shell-order-parsing)?

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman