Re: Keysafe dynamic UID

2016-11-05 Thread Wouter Verhelst
On Thu, Oct 27, 2016 at 11:58:35PM +0100, Ian Jackson wrote: > (IME one gets the first matching entry found in /etc/passwd). Yes, if you use libnss_compat.so. There are, however, a number of caching NSS modules (e.g., libnss-db, libnss-cache, ...) that do not guarantee the same ordering of

Re: Keysafe dynamic UID

2016-10-27 Thread Ian Jackson
Anthony DeRobertis writes ("Re: Keysafe dynamic UID"): > I wonder if just adding a second user with the same uid would be safer > (so then the packaged scripts can use the new name), and documenting > that the old one will be removed for the next release? This is an idea worth

Re: Keysafe dynamic UID

2016-10-27 Thread Anthony DeRobertis
On Sun, Oct 23, 2016 at 04:59:20PM +0200, Guillem Jover wrote: > > Also renaming a user is actually trivial: > > usermod -l _something Debian-something > Unfortunately those names also get into various cron tabs, config files, etc. Doing that with, e.g., Debian-exim would immediately break

Re: Keysafe dynamic UID

2016-10-26 Thread Simon McVittie
On Wed, 26 Oct 2016 at 05:37:12 +0200, Guillem Jover wrote: > openarena Debian-openarena For what it's worth, if I was confident that renaming the user wouldn't be more disruptive than continuing to use the vendor-specific username, I'd be happy to call this one _openarena or something;

Re: Keysafe dynamic UID

2016-10-26 Thread Simon McVittie
On Wed, 26 Oct 2016 at 09:37:52 +0300, Dmitry Bogatov wrote: > > Minimizing the amount of logic in the > > actual maintainer script (ideally reduced to just running one helper > > tool with appropriate arguments), and adding a dependency on the > > helper tool that has the actual logic, would

Re: Keysafe dynamic UID

2016-10-26 Thread Dmitry Bogatov
[2016-10-25 10:04] Simon McVittie > > part text/plain2369 > On Tue, 25 Oct 2016 at 10:31:00 +0300, Dmitry Bogatov wrote: > > It may be worth to mention my dh-sysuser debhelper here: > ... > > * unless another package requires same users, they are > >

Re: Keysafe dynamic UID

2016-10-25 Thread Guillem Jover
Hi! On Sun, 2016-10-23 at 18:44:47 +0200, Marc Haber wrote: > On Sun, 23 Oct 2016 14:48:44 +0200, Guillem Jover wrote: > > Right now I'm actually considering going over the archive and sending > > patches to convert Debian-user and debian-user to _user… > Don't bother for my packages. I'm not

Re: Keysafe dynamic UID

2016-10-25 Thread Simon McVittie
On Tue, 25 Oct 2016 at 10:31:00 +0300, Dmitry Bogatov wrote: > It may be worth to mention my dh-sysuser debhelper here: ... >* unless another package requires same users, they are > removed on package purge >* if possible, ensures, that install-purge-install cycle saves >

Re: Keysafe dynamic UID

2016-10-25 Thread Dmitry Bogatov
[2016-10-24 12:18] "W. Martin Borgert" > > part text/plain 354 > Quoting Tollef Fog Heen : > > I'd prefer if user creation was just done declaratively and then we > > could scan the archive. If we have a manually-maintained list, it will

Re: Keysafe dynamic UID

2016-10-24 Thread Sean Whitton
On Mon, Oct 24, 2016 at 08:58:49AM +0200, Christian Seiler wrote: > The requirement to have this for dynamically allocated IDs also > probably stems from the fact that the users created in postinst scripts > should not conflict. But wouldn't it be far easier to just create a > page on the Debian

Re: Keysafe dynamic UID

2016-10-24 Thread W. Martin Borgert
Quoting Tollef Fog Heen : I'd prefer if user creation was just done declaratively and then we could scan the archive. If we have a manually-maintained list, it will get out of sync with reality pretty quickly. +1 and +1 It would be nice to have some progress on this:

Re: Keysafe dynamic UID

2016-10-24 Thread Vincent Bernat
❦ 24 octobre 2016 09:12 +0200, Tollef Fog Heen  : >> The requirement to have this for dynamically allocated IDs also >> probably stems from the fact that the users created in postinst scripts >> should not conflict. But wouldn't it be far easier to just create a >> page on the

Re: Keysafe dynamic UID

2016-10-24 Thread Christian Seiler
On 10/24/2016 09:12 AM, Tollef Fog Heen wrote: > I'd prefer if user creation was just done declaratively and then we > could scan the archive. If we have a manually-maintained list, it will > get out of sync with reality pretty quickly. Doing this declaratively would definitely be the ideal

Re: Keysafe dynamic UID

2016-10-24 Thread Tollef Fog Heen
]] Christian Seiler > On 10/24/2016 12:42 AM, Colin Watson wrote: > > On Sat, Oct 22, 2016 at 02:57:23PM -0700, Sean Whitton wrote: > >> I am packaging Keysafe,[1] and the binary package keysafe-server needs > >> to create a new system user with a dynamically allocated UID. > >> > >> I am using

Re: Keysafe dynamic UID

2016-10-24 Thread Christian Seiler
On 10/24/2016 12:42 AM, Colin Watson wrote: > On Sat, Oct 22, 2016 at 02:57:23PM -0700, Sean Whitton wrote: >> I am packaging Keysafe,[1] and the binary package keysafe-server needs >> to create a new system user with a dynamically allocated UID. >> >> I am using the username 'keysafe'. I do not

Re: Keysafe dynamic UID

2016-10-23 Thread Colin Watson
On Sat, Oct 22, 2016 at 02:57:23PM -0700, Sean Whitton wrote: > I am packaging Keysafe,[1] and the binary package keysafe-server needs > to create a new system user with a dynamically allocated UID. > > I am using the username 'keysafe'. I do not anticipate any collision > with any other

Re: Keysafe dynamic UID

2016-10-23 Thread Marc Haber
On Sun, 23 Oct 2016 16:06:30 +0200, Guillem Jover wrote: >I might be completely wrong, but the way I read the current situation >is: > > * The (previous) proponents of the Debian- prefixed names don't >mind much because they are fine delegating that decision to >

Re: Keysafe dynamic UID

2016-10-23 Thread Marc Haber
On Sun, 23 Oct 2016 16:15:09 +0200, Michael Biebl wrote: >Am 23.10.2016 um 14:48 schrieb Guillem Jover: >> I think the solution here is pretty clear. The _-prefix is neutral, >> short and used by other sytems. The Debian-prefix makes names way >> long (used(?) to cause problems

Re: Keysafe dynamic UID

2016-10-23 Thread Marc Haber
On Sun, 23 Oct 2016 14:48:44 +0200, Guillem Jover wrote: >Right now I'm actually considering going over the archive and sending >patches to convert Debian-user and debian-user to _user… Don't bother for my packages. I'm not risiking doing disruptive changes and being forced

Re: Keysafe dynamic UID

2016-10-23 Thread Ian Jackson
Guillem Jover writes ("Re: Keysafe dynamic UID"): > I might be completely wrong, but the way I read the current situation > is: > > * The (previous) proponents of the Debian- prefixed names don't > mind much because they are fine delegating that decision to >

Re: Keysafe dynamic UID

2016-10-23 Thread Guillem Jover
Hi! On Sun, 2016-10-23 at 12:32:30 -0200, Henrique de Moraes Holschuh wrote: > On Sun, 23 Oct 2016, Guillem Jover wrote: > > Right now I'm actually considering going over the archive and sending > > patches to convert Debian-user and debian-user to _user… > Make it active only for new installs,

Re: Keysafe dynamic UID

2016-10-23 Thread Guillem Jover
On Sun, 2016-10-23 at 16:06:30 +0200, Guillem Jover wrote: > I've just sent a patch for adduser to accept _-prefixed system names > (but not for normal users w/o --force-badname). Then if this gets > merged, there will be even more compelling reasons to use that. ;) Sorry, that would be

Re: Keysafe dynamic UID

2016-10-23 Thread Henrique de Moraes Holschuh
On Sun, 23 Oct 2016, Guillem Jover wrote: > Right now I'm actually considering going over the archive and sending > patches to convert Debian-user and debian-user to _user… Make it active only for new installs, and you will have bypassed the most troublesome issue. Just be *extremely* careful to

Re: Keysafe dynamic UID

2016-10-23 Thread Michael Biebl
Am 23.10.2016 um 14:48 schrieb Guillem Jover: > I think the solution here is pretty clear. The _-prefix is neutral, > short and used by other sytems. The Debian-prefix makes names way > long (used(?) to cause problems on display), is a Debianism that > seems wrong on non-Debian systems, and is

Re: Keysafe dynamic UID

2016-10-23 Thread Guillem Jover
Hi! On Sun, 2016-10-23 at 15:07:27 +0200, Vincent Bernat wrote: > ❦ 23 octobre 2016 14:38 +0200, Guillem Jover  : > >> It is better to use either _keysafe or Debian-keysafe to avoid collision > >> with existing users (like Kevin Eysafe). > > > > Please avoid the atrocious

Re: Keysafe dynamic UID

2016-10-23 Thread Vincent Bernat
❦ 23 octobre 2016 14:38 +0200, Guillem Jover  : >> It is better to use either _keysafe or Debian-keysafe to avoid collision >> with existing users (like Kevin Eysafe). > > Please avoid the atrocious «Debian-user» Debianism. The «_user» is > shorter, and used on some of the

Re: Keysafe dynamic UID

2016-10-23 Thread Marco d'Itri
On Oct 23, Guillem Jover wrote: > I think the solution here is pretty clear. The _-prefix is neutral, > short and used by other sytems. The Debian-prefix makes names way > long (used(?) to cause problems on display), is a Debianism that > seems wrong on non-Debian systems,

Re: Keysafe dynamic UID

2016-10-23 Thread Guillem Jover
Hi! On Sun, 2016-10-23 at 12:54:56 +0200, Marc Haber wrote: > On Sun, 23 Oct 2016 00:26:40 +0200, Jakub Wilk wrote: > > Maybe we could fix #429671? > > I know it's been only 9 years old, but still... > We either need a policy change or a TC decision for that. The policy > editor didn't want to

Re: Keysafe dynamic UID

2016-10-23 Thread Guillem Jover
Hi! On Sun, 2016-10-23 at 00:14:43 +0200, Vincent Bernat wrote: > ❦ 22 octobre 2016 14:57 -0700, Sean Whitton  : > > I am packaging Keysafe,[1] and the binary package keysafe-server needs > > to create a new system user with a dynamically allocated UID. > > > > I am

Re: Keysafe dynamic UID

2016-10-23 Thread Marc Haber
On Sun, 23 Oct 2016 00:26:40 +0200, Jakub Wilk wrote: >* Vincent Bernat , 2016-10-23, 00:14: >>>I am using the username 'keysafe'. I do not anticipate any collision with >>>any other package, but policy says I should e-mail you to confirm that. >>It is

Re: Keysafe dynamic UID

2016-10-22 Thread Sean Whitton
Hello, On Sun, Oct 23, 2016 at 12:14:43AM +0200, Vincent Bernat wrote: > It is better to use either _keysafe or Debian-keysafe to avoid collision > with existing users (like Kevin Eysafe). Thanks. Will do. -- Sean Whitton signature.asc Description: PGP signature

Re: Keysafe dynamic UID

2016-10-22 Thread Jakub Wilk
* Vincent Bernat , 2016-10-23, 00:14: I am using the username 'keysafe'. I do not anticipate any collision with any other package, but policy says I should e-mail you to confirm that. It is better to use either _keysafe or Debian-keysafe to avoid collision with existing

Re: Keysafe dynamic UID

2016-10-22 Thread Vincent Bernat
❦ 22 octobre 2016 14:57 -0700, Sean Whitton  : > I am packaging Keysafe,[1] and the binary package keysafe-server needs > to create a new system user with a dynamically allocated UID. > > I am using the username 'keysafe'. I do not anticipate any collision > with any

Keysafe dynamic UID

2016-10-22 Thread Sean Whitton
Dear base-passwd maintainer, I am packaging Keysafe,[1] and the binary package keysafe-server needs to create a new system user with a dynamically allocated UID. I am using the username 'keysafe'. I do not anticipate any collision with any other package, but policy says I should e-mail you to