this assignment, should it?
Therefore I am requesting uid and gid 818, both named "jenkins", for
dev-util/jenkins-bin.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
I am requesting uid and gid 440, both named "collectd", for
app-metrics/collectd.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
I am requesting uid and gid 59, both named "unbound", for
net-dns/unbound.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
d somewhere
else, why do we care at all about "others"?
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
zbd is a perfect example. Up to date in repository and working.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
On 2019-12-05 04:06, William Hubbs wrote:
> On Thu, Dec 05, 2019 at 03:56:05AM +0100, Thomas Deutschmann wrote:
>> On 2019-12-05 01:15, Aaron Bauman wrote:
>>> * Removal in 30 days
>>
>> Why? I understand that Py2 will reach EOL upstream status but we all
>> kn
inimum.
[1]
https://archives.gentoo.org/gentoo-dev/message/d00a956180ab7df980ac5642e3abc179
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
ing which *can* work because we still have no
system to declare "Yes, I am the maintainer of this package but I am
fine with you touching it".
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
n as a whole. For example, a lot of packages are now
masked *with* dev-lang/php:5.6 because Gentoo will finally get rid of
PHP 5.6 which is EOL since 2018-12-31. But we didn't break PHP 5.6 users
by starting to remove PECL extension for this version while
dev-lang/php:5.6 was still a thing...
-
which drives me nuts...
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
our reason to mask affected dependencies (like PHP project did with PHP
5.6 and consumers).
Maybe someday one of those responsible will admit that this step was not
a thoughtful and good decision and promise not to do it that way again
and I'll get over it. Who knows. :)
--
Regards,
Thomas
.8 and
message will go away.
And again: If this will really solve problems, why is anyone allowed to
take over those package like I did for sabnzbd? If you are right and
this is really a problem for Gentoo I shouldn't be allowed to do that.
And *then* we would also have a reason to mask :-)
Hi,
just wondering if you have seen https://bugs.gentoo.org/532264#c24. If
this is still valid, is your change really needed?
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
highest free number.
I.e. it should be recommended to pick the lowest free UID/GID pair
instead (just to avoid fragmentation and keep 501+ free as long as
possible).
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Descript
eir Gentoo systems
(most packages used dynamic allocation until GLEP 81), you won't have
"clean", collision free systems with same ID all over the places.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
On 2019-12-09 19:48, Ulrich Mueller wrote:
>>>>>> On Mon, 09 Dec 2019, Thomas Deutschmann wrote:
>
>> Like said, if an ID is already taken for any reason on user's system,
>> that's not a problem. acct-* can handle that... there's nothing like a
&
r <> host mapping has match.
No, when you follow best practice you will always pass user/group or use
other available mapping solutions.
So while it sounds like a valid *goal*, in real world, it isn't.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 56
container to access data
stored on host, i.e.
> $ docker run \
> --name some-mysql \
> -v /my/own/datadir:/var/lib/mysql \
> -e MYSQL_ROOT_PASSWORD=my-secret-pw \
> -d mysql:tag
which will make /my/own/datadir from host available in container as
/var/lib/mysql.
--
.
Could you please be a little bit more precise what's changing?
acct-* shouldn't mess with already *existing* users. So upgrade
experience shouldn't be affected...
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signatu
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann
---
acct-group/jenkins/jenkins-0.ebuild | 9 +
acct-group/jenkins/metadata.xml | 12
2 files changed, 21 insertions(+)
create mode 100644 acct-group/jenkins/jenkins-0.ebuild
create mode
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann
---
acct-user/jenkins/jenkins-0.ebuild | 13 +
acct-user/jenkins/metadata.xml | 12
2 files changed, 25 insertions(+)
create mode 100644 acct-user/jenkins/jenkins-0.ebuild
create mode
Hi,
please see my first package migration to GLEP 81.
Complete change set can be found at https://github.com/gentoo/gentoo/pull/14121.
Previous ebuilds using user eclass called
fowners jenkins:jenkins /var/log/jenkins ${JENKINS_DIR} ${JENKINS_DIR}/home
${JENKINS_DIR}/backup
which I changed
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann
---
dev-util/jenkins-bin/Manifest | 1 +
.../jenkins-bin/jenkins-bin-2.204.1.ebuild| 47 +++
2 files changed, 48 insertions(+)
create mode 100644 dev-util/jenkins-bin/jenkins
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann
---
dev-util/jenkins-bin/Manifest | 1 +
dev-util/jenkins-bin/jenkins-bin-2.210.ebuild | 47 +++
2 files changed, 48 insertions(+)
create mode 100644 dev-util/jenkins-bin/jenkins
On 2019-12-26 12:04, Michael Orlitzky wrote:
> On 12/25/19 10:11 AM, Thomas Deutschmann wrote:
>> +ACCT_USER_HOME=/var/lib/jenkins
> Needed?
I cannot answer that for sure. In *my* setups I need a valid home for
standard SSH setup (~/.ssh/authorized_keys). But there are dozen ways
how
would have to ensure somehow that system
A which acts as application server for "myapp" will only get
acct-*/- and system B which will
act as application server for "myapp2" will get
acct-*/- instead?! Not
to mention what will happen if you get a third system which will be able
ges would work
for all the application servers running this specific role/state. But
these adjusted packages would be wrong for the servers running grafana
role/state, i.e. running www-apps/grafana-bin behind www-servers/nginx
proxy. So you would end up with multiple acct-*/nginx ebuilds for each
Title: Genkernel 4 changed default kernel and initramfs filename
Author: Thomas Deutschmann
Posted: 2019-12-27
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: >=sys-kernel/genkernel-4
To be consistent with kernel's own naming which allows for easier
matching of kernel/initra
.org/support/news-items/2019-07-18-syncthing-update-incompatibility.html
and
https://www.gentoo.org/support/news-items/2019-11-25-rpi-firmware-dtb-files.html
were posted? :-)
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
s
Hi,
news item has been published:
https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=b53539af13d77a7ad811327b677b9933e1dfb1b0
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital
onfiguration from current running kernel.
Without providing a kernel config, user will probably fall back to
generic configuration which isn't intended for daily usage.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signatur
-/
--
Regards,
Thomas Deutschmann / Gentoo Security Team
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
y for the future when
someone wants to understand why an ebuild was changed that way.
That's why Debian created https://salsa.debian.org/, Fedora has
https://src.fedoraproject.org/ ...
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
changing home, groups...). At least if user/group were created/modified
outside of PM.
See also:
=
[1]
https://archives.gentoo.org/gentoo-dev/message/05c9b211eb18012d16302194a7bc37e6
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
s really a bad default and it's breaking with existing principles
you can find in most distributions: Don't touch stuff which were changed
by the user.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Desc
ly might happen with the current implementation which
tries to keep user/group state like described in package. Something you
will only see in Gentoo and no other distribution.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.
ncil meeting log and even the mail discussion
before you will read that I always shared concerns about touching
existing user. I was only fine because I was told "We are aware, what
you described won't happen" and I didn't make a secret that I didn't had
the time to f
e don't have a better mechanism like setting a mask to get
attention), you have to deal with the fact that this is disruptive and
that not everyone like that.
But please, nobody is publicly shaming anyone. If you play that card,
don't wonder that people will stop talking.
Don't rea
mes to anything math related (no
SSE2, -mfpmath=387...). So as long as we want that a package keyworded
for x86 really works on old x86 hardware, we have to go the long route
an test it.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 7
On 2020-03-19 04:03, Kent Fredric wrote:
> Because that experiment basically failed.
>
> Bugs with that flag, basically were treated (repeatedly) like that flag
> wasn't there.
Hehe, maybe because of missing tooling. Common tools like tatt don't
understand "ALLARCHE
ths (depends on severity of
reported vulnerabilities) we maybe decide to last-rite or apply a mask
to force user awareness through forced unmask action in case they need
that software. But again, this software isn't special and doesn't
require further discussion from our P.O.V.
--
Re
l reasons like "No one audited the Linux
version yet". But in security you don't issue warnings if you aren't
sure. Because if you make false statements people will no longer trust
you. But trust is everything.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F
e loaders and stuff like that you don't have when you do proper
ACLs).
Regarding bin/non-bin: Software has bugs. Some software tends to have
more issues. Just because we have the source code and compile software
on user's system doesn't make the application itself more secure than
vulnerability X in
Gentoo you heard about in the media, don't forget to check on your own
if this is also true for your architecture because in theory the
maintainer could have decided to make use of arch-depending eapply for
some reason..."
=> Keep it simple: Stable should mean th
does it?
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
packages until people learn that
stabilization is a lot of effort/work. Really, if you call for
stabilization and haven't tested your own package you are offloading
work to others which is not nice. I also dislike maintainers who simply
restrict tests on first failure. But in the end it's at leas
Hi,
merged, thanks:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=606c745e611c216df15568bc8655e2781dc11095
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
will
start to ignore that the data is useless just to underline *their* point
in their current situation. :/
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
mation or share why you believe this has to be
removed. I assume you are talking about
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Disks and for
me it's not a *mess*.
Maybe move it to a 'legacy' sub page but it's too early for complete
removal from my P.O.V.
--
Reg
we would have data for distfiles.gentoo.org this won't help us.
See how Gentoo works: If you follow handbook you will pick a
local/regional mirror. Now all these users are suddenly 'disconnected'
from the download stats...
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
On 2020-04-26 15:46, Kent Fredric wrote:
> On Sun, 26 Apr 2020 14:38:54 +0200
> Thomas Deutschmann wrote:
>
>> Let's assume we will get reports that app-misc/foo is only installed 20
>> times. If you are going to judge based on this data, "Obviously, nobody
>&
gt; situation changing. -arch is so rare that I don't recall ever seeing
> it. In either case, restoring an arch should be an explicit action.
+1
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
ch is what basically
happened). It would be cool if our solution would be aware of this and
could handle this somehow. But I guess we would have to create our own
solution for this...
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74
imap is just not user-friendly.
It doesn't even has deps on other Python packages blocking your cleanup
delusion.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
n p-m should be treated like real devs. So
you can't just kill their packages because you want to.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
FYI:
I reverted the entire commit like this thread and bugs clearly show that
this list wasn't even reviewed/checked:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b76ee2f3e20b55d268ec291a1a1328cc047f5a04
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24
s supposed to work.
C'mon. You even added net-nntp/sabnzbd to that list again which created
a lot of drama beginning of this year. Please don't try to say you
reviewed anything...
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 7
my laptop. Thanks for
> nothing.
...and not just because of net-nntp/sabnzbd like this thread has shown.
I followed Gentoo policy when I reverted a broken commit.
If can only urge you to revise pkg list and pay more attention for your
next commit.
--
Regards,
Thomas Deutschmann / Gentoo Linux
ot even what happened.
And yes, I probably wouldn't have notice this and wouldn't care if only
<3 were masked.
But again, that's not what has happened.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
n pkg_postinst, see
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-apps/kexec-tools/kexec-tools-2.0.20-r3.ebuild?id=61c03ffab76740c0420e3c8a3185d047d461f7a7#n111
---
Title: Multiple root kernel command-line arguments
Author: Thomas Deutschmann
Posted: 2020-08-05
Revision: 1
News-Item-Format: 2.0
Due to
Hi,
here's v2 based on some IRC feedback (grammar- and punctuation-related)
I am planning to add for tomorrow.
---
Title: Multiple root kernel command-line arguments
Author: Thomas Deutschmann
Posted: 2020-08-05
Revision: 1
News-Item-Format: 2.0
Due to genkernel-4.1 development whi
e channels. So if this will help
someone who didn't read documentation before or just didn't realize the
obvious risk he/she is taking when using non-persistent names ("It
worked that way for me past 15 years!") I believe it has served its purpose.
--
Regards,
Thomas Deutschmann
el issue, so displaying that only for
people who have genkernel installed would miss a bunch of users.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
t that uncommon) you maybe
also appending additional root argument which has the potential to cause
boot failures in case you are using non-permanent device names and
something will be different in start environment.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5
nformation and believe that avoiding that has much more
value than avoid a problem like an unbootable system for just a few
people (and for headless/servers this is a major problem in case you
cannot trigger remote reboot)... ¯\_(ツ)_/¯
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD
elf if we should teach kexec runscript to
return persistent name instead (utilizing lsblk for example) but this
will raises question like what to do if tools aren't available and maybe
user's start environment can't even handle root=UUID=... value :/
--
Regards,
Thomas Deutschmann /
e sys-fs/udev?
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
we would need to talk about ditching eudev in
general...
So for me it still looks like change for change's sake without a real
reason.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
On 2020-08-10 14:07, Michał Górny wrote:
> ...or a revert of a change made for change's sake.
That's a bold statement for an unambiguous 7-0 decision as seen in
https://bugs.gentoo.org/575718.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5
29062
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
promising
anything it cannot do.
--
Regards,
Thomas Deutschmann / Gentoo Security Team
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description: OpenPGP digital signature
On 2020-10-10 22:36, Michał Górny wrote:
On Sat, 2020-10-10 at 22:10 +0200, Thomas Deutschmann wrote:
Another example for something that was not thought to the end and
which was rushed and pushed to our users.
You start this mail with an insult to me. Why do you keep doing
this? Do you feel
# Thomas Deutschmann (2020-10-26)
# Depends on net-libs/zeromq-2 which is scheduled for removal.
# Removal in 30 days. Bug #741454.
dev-perl/ZMQ-LibZMQ2
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description
# Thomas Deutschmann (2020-10-26)
# Depends on net-libs/zeromq-3 which is scheduled for removal.
# Removal in 30 days. Bug #741454.
dev-perl/ZMQ-LibZMQ3
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description
Hi,
we are aware and are currently look into this.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
openpgp-digital-signature.asc
Description: PGP signature
d so in my opinion they were useful
I do not agree with this conclusion. Just because developers didn't
ignore you and spent additional time to understand and try to help like
we normally do when we get reports from inexperienced users, doesn't
mean it was a pleasure...
--
Regards
elease workflows. But yes, you have to get upstream's
attention to implement this.
And it's not just GitHub, don't forget about GitLab and those
self-hosted GitLab instances which often don't support to upload
arbitrary assets...
--
Regards,
Thomas Deutschmann / Gentoo
andling -- the service user must only be allowed to
pass through this directory).
PS: Just to avoid any misunderstandings: OpenTmpfiles should of course
try to fix/avoid this problem if possible. Security is a layered process
(like an onion) and having multiple safe-guards is always a good thing.
rk in
tmpfiles config. Saying that systemd's implementation is more secure
than OpenTmpfiles' implementation when you are still able to escalate
privileges is very misleading.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description: OpenPGP digital signature
Hi,
what exactly did you do already?
Did you uploaded to our internal key server? You can only upload through
dev.gentoo.org, see
https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys#Submit_your_new_key_to_the_keyserver
However, you can pull from this serve
Hi,
glad it's now working for you. In the meanwhile we are looking into issues with
the European Gentoo server 😉
> And FWIW this sentence is a little misleading if the SKS refresh
> frequency is zero =)
>
>The SKS keyserver pool can take much longer to replicate over the
>keyserver ne
7;t belong into
'specs'.
We maybe can talk about adding just a reference link to the Wiki guide
but I don't believe we should add this to GLEP.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Des
_to_the_keyserver)
That's all I would do to keep as many details out of the specs. But
maybe I am the only one who is so strict about the spec... I am just
saying and asking for comments.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849
Hi,
I took
> app-backup/tarsnap
--
Regards,
Thomas
openpgp-digital-signature.asc
Description: PGP signature
advance if the chance is high that you have to
spend the same amount of time again before you can finally merge.
--
Regards,
Thomas Deutschmann / Gentoo Security Team
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
e can opt-in by setting
ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED to a non-zero value in
their make.conf.
Signed-off-by: Thomas Deutschmann
---
eclass/acct-user.eclass | 40 ++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/eclass/acct-user.e
ation will be ignored). But
sometimes users are making changes we wouldn't do, not recommend or just
don't understand at first. That all doesn't matter: We have to keep in
mind that these aren't our systems and we have to respect whatever the
user did on their system.
--
Reg
age
group when you remerge acct-user/portage, but if you kill services
because package maintainers are pushing their vision of how to run the
package, it's not.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
hich will add some kind of slap stick to the whole idea.
That's why I am saying that we don't just need an opt-out option, that's
why I am argue that all this stuff has to be opt-in by default. It's
something special and unique in Gentoo.
--
Regards,
Thomas Deutschmann
On 2021-01-04 17:14, Michał Górny wrote:
as long as it spews a big fat ewarn that the user loses the right to
support.
Could you please elaborate this a little bit more? I cannot agree with
the way I understand this at the moment but I might miss your point.
--
Regards,
Thomas Deutschmann
t there is no acct-user/wheel because otherwise this group
would get cleaned (reset), too.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description: OpenPGP digital signature
On 2021-01-04 17:30, Thomas Deutschmann wrote:
On 2021-01-04 17:28, Michał Górny wrote:
It must be a bug in your version of the eclass. I've just reemerged
acct-group/wheel and to*my great surprise* I'm still there. How
unexpected!
That's why I wrote
> (luckily group
to a socket like shown in my memcached/redis example.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description: OpenPGP digital signature
.
This will improve the overlay situation and can be seen as overall
improvement but it doesn't address any shared concerns nor is it a
replacement for the proposed 'acct-user.eclass: don't modify existing
user by default' patch.
--
Regards,
Thomas Deutschmann / Gentoo
changes won't go live
until you run said users-update command or make use of INSTALL_MASK.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description: OpenPGP digital signature
address my concerns.
But I still wonder if building such a system is worth it... I mean, it
would be nice to have. Maybe we could build upon such a system to do
same for (changed) file permissions...
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5
able to differentiate
between values set by acct-* ebuild and user override)?
Of course this won't allow something like `ACCT_USER_ID=42 emerge
` but I am not sure if
this is an implementation goal.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1
ride via environment variable and be able to detect the override to
have them logged.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
I want it.
And it doesn't matter if I apply the role to a Gentoo, Debian, Ubuntu or
RHEL box... ;)
So I am not blocking ACCT_USER_$foo if anyone really believe it would
help them.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849
Hi,
I wonder how you composed this list. If you just checked if there is any
revdep, the check was probably useless:
For example,
dev-libs/cyberjack
is up-to-date, has an active dev as maintainer and is required for any
ReinerSCT chipcard reader.
--
Regards,
Thomas Deutschmann
101 - 200 of 243 matches
Mail list logo
