From: Ashley Dixon
To: gentoo-user@lists.gentoo.org
Date: Wed, 22 Jul 2020 02:39:27 +0100
Subject: Re: [gentoo-user] Re: dns/bind-tools 9.14 -> 9.16 pulling in 17 new dependencies?!

On Tue, Jul 21, 2020 at 09:30:07PM -0400, Walter Dnes wrote:
> According to news item https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html
>
> * xorg-server will no longer be "suid" *BY DEFAULT*
> * that means *THE DEFAULT* is to require a logind server like systemd
>   or elogind
>
> The news item also says...
>
> > Users who do not wish to use logind interface or have rare hardware
> > that does not use KMS and because of that, require root privileges
> > to operate, can manually re-enable 'suid' and disable 'elogind' USE
> > flags in order to preserve the previous behavior. However, please
> > note that this is heavily discouraged to run X server as root due
> > to security reasons. The 'suid' USE flag will remain as optional
> > opt-in for the need of legacy hardware.
>
> I've set "x11-base/xorg-server glamor suid udev xorg" in package.use
> and "-elogind" in make.conf, and no additional packages are required. I
> used to start with USE="-*" but I don't do that anymore. Instead I use
>
> USE="10bit X apng ffmpeg jpeg opengl png szip truetype x264 x265 xorg threads
> webp -acl -arping -berkdb -bindist -caps -cracklib -crypt -elogind -filecaps
> -gallium -gdbm -graphite -iconv -introspection -ipc -iptables -ipv6 -libav
> -libglvnd -llvm -manpager -nls -openmp -pam -pch -sendmail -tcpd -udev -udisks
> -unicode -xinerama"

There was a big argument about it over on Gentoo-Dev. It essentially reduced to
the point that although most Gentoo users are still going to want "suid" (in
the absence of systemd/elogind or another fancy login manager), Portage should
provide good, non-anti-pattern, secure defaults for _new_ users, however much
of an inconvenience it may be for existing users who run X with `startx`.
I generally agree with them on this point; "suid" is horribly outdated, however
ubiquitous (especially for minimalist systems).

https://www.mail-archive.com/gentoo-dev@lists.gentoo.org/msg89536.html

--
Ashley Dixon
suugaku.co.uk

2A9A 4117 DA96 D18A 8A7B B0D2 A30E BF25 F290 A8AA
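
The following shell functions are an added example, not part of the original message and not Portage code: they report whether the `suid` USE flag discussed above is enabled for a package and whether a given binary actually carries the setuid bit. Assumptions: the function names are hypothetical, USE resolution is simplified to "make.conf first, then matching package.use lines, last mention wins", package.use is a single file, and the binary path is whatever your install uses.

```shell
#!/bin/sh
# Added example (not from the thread). Simplified model of USE resolution:
# profile defaults, versioned atoms, wildcards and ${USE} expansion are
# not handled; treat the result as a hint, not as Portage's own answer.

# make_conf_use FILE: print the contents of USE="..." (may span lines).
make_conf_use() {
    awk '
        !inuse && sub(/^[ \t]*USE="/, "") { inuse = 1 }
        inuse { if (sub(/".*/, "")) inuse = 0; print }
    ' "$1"
}

# effective_flag FLAG ATOM MAKE_CONF PACKAGE_USE: print on, off or unset.
effective_flag() {
    {
        make_conf_use "$3"
        # Flags on package.use lines whose first field is exactly ATOM.
        awk -v atom="$2" '$1 == atom { $1 = ""; print }' "$4"
    } | tr -s ' \t' '\n\n' | awk -v flag="$1" '
        $0 == "-*"        { state = "off" }
        $0 == flag        { state = "on" }
        $0 == ("-" flag)  { state = "off" }
        END               { print (state == "" ? "unset" : state) }'
}

# audit_suid BINARY ATOM MAKE_CONF PACKAGE_USE: one-line verdict comparing
# the configured flag with the setuid bit on the installed binary.
audit_suid() {
    flag=$(effective_flag suid "$2" "$3" "$4")
    if [ -u "$1" ]; then mode=setuid; else mode=plain; fi
    case "$flag/$mode" in
        on/setuid) echo "suid enabled: $1 runs with its owner's privileges" ;;
        on/plain)  echo "suid enabled but $1 is not setuid: rebuild pending or wrong path" ;;
        */setuid)  echo "suid not enabled but $1 is still setuid: rebuild the package" ;;
        *)         echo "ok: suid not enabled and $1 is not setuid" ;;
    esac
}

# Usage (paths are the usual Portage locations; the binary path is yours):
#   audit_suid /path/to/Xorg x11-base/xorg-server \
#       /etc/portage/make.conf /etc/portage/package.use
```
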