Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
Sam James writes: > [[PGP Signed Part:Undecided]] > > Florian Schmaus writes: > >> [[PGP Signed Part:Undecided]] >> On 18/07/2023 11.56, Sam James wrote: >>> Mike Gilbert writes: >>> On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: >> Haven't we been keeping these because we still need to decide on a >> policy about what to do with dead acct-*/* packages? > > Right. https://bugs.gentoo.org/781881 is still open. Flow could ping > the QA team and ask if it should be closed, given the opinion there > seems to be that there's no need to keep them, but I think it's wrong > to do this pre-empting a policy decision, given it essentially forces > the "don't keep them" path. The bug has been open for several months without comment. If a policy were going to materialize, I think it would have happened by now. Forcing the issue by sending this last rites notice seems acceptable to me. >>> Pinging someone rather than "forcing the issue" as a first-step is >>> customary. >> >> I am sorry, but it seems that I have to clarify something. >> >> First, I have "pinged someone." > > Ping on IRC (in #gentoo-qa, or could PM me), or again on the bug? > > Someone asked the QA team to make a decision. We haven't yet, as I'd > forgot about it. It seems wrong to then just pretend that didn't happen. > > At least try to get it resolved on that end by pinging again / asking us? Just to be super duper clear: it's fine with me if we just move on and don't keep the packages, but I think a quick /msg #gentoo-qa "hey guys, nothing seems to be happening with the bug, do you mind if we just close it?" wouldn't have gone amiss. That is _all_ I'm asking for here. And then when we get onto talk of "incentives" and "illegitimate shadow policies", I become very confused indeed. signature.asc Description: PGP signature
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
Florian Schmaus writes: > [[PGP Signed Part:Undecided]] > On 18/07/2023 11.56, Sam James wrote: >> Mike Gilbert writes: >> >>> On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: > Haven't we been keeping these because we still need to decide on a > policy about what to do with dead acct-*/* packages? Right. https://bugs.gentoo.org/781881 is still open. Flow could ping the QA team and ask if it should be closed, given the opinion there seems to be that there's no need to keep them, but I think it's wrong to do this pre-empting a policy decision, given it essentially forces the "don't keep them" path. >>> >>> The bug has been open for several months without comment. If a policy >>> were going to materialize, I think it would have happened by now. >>> >>> Forcing the issue by sending this last rites notice seems acceptable to me. >> Pinging someone rather than "forcing the issue" as a first-step is >> customary. > > I am sorry, but it seems that I have to clarify something. > > First, I have "pinged someone." Ping on IRC (in #gentoo-qa, or could PM me), or again on the bug? Someone asked the QA team to make a decision. We haven't yet, as I'd forgot about it. It seems wrong to then just pretend that didn't happen. At least try to get it resolved on that end by pinging again / asking us? > > As of writing this, I was the last to comment on the QA bug about five > months ago, asking why we would want to keep unused acct-* packages > [1]. Since then, this has not been answered, and there have been zero > other replies. That signaled me that there was no interest in pursuing > the matter further. In addition, we have already removed acct-* > packages in the past. > I'm sorry that somebody missed a ping in a FOSS project. But this is probably not the first time it's happened to you. > Secondly, nobody immediately forces anything. > I'm saying that speaking to someone works better than committing something and then asking for discussion. > Sam, I am afraid, but I believe that the situation is different from > how you frame it. > > > The proponents of keeping obsolete acct-* packages have the inventive > to establish their preferred policy. It's a bit aggressive to take action, without pinging before doing so (you did several months ago, that's not really the same thing), to "incentivise" someone. > > Accusing me of not facilitating a QA bug that deals with establishing > a policy I do not favor seems unfair. > I'm not sure I'm doing that. I'm saying that doing this preempts a decision and that a ping would've been polite. > Do you think that a QA bug that has not seen progress in nearly five > months should be able to establish an illegitimate shadow policy? > Come on. signature.asc Description: PGP signature
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
On 18/07/2023 11.56, Sam James wrote: Mike Gilbert writes: On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: Haven't we been keeping these because we still need to decide on a policy about what to do with dead acct-*/* packages? Right. https://bugs.gentoo.org/781881 is still open. Flow could ping the QA team and ask if it should be closed, given the opinion there seems to be that there's no need to keep them, but I think it's wrong to do this pre-empting a policy decision, given it essentially forces the "don't keep them" path. The bug has been open for several months without comment. If a policy were going to materialize, I think it would have happened by now. Forcing the issue by sending this last rites notice seems acceptable to me. Pinging someone rather than "forcing the issue" as a first-step is customary. I am sorry, but it seems that I have to clarify something. First, I have "pinged someone." As of writing this, I was the last to comment on the QA bug about five months ago, asking why we would want to keep unused acct-* packages [1]. Since then, this has not been answered, and there have been zero other replies. That signaled me that there was no interest in pursuing the matter further. In addition, we have already removed acct-* packages in the past. Secondly, nobody immediately forces anything. The removal date for the acct-* packages is one month from now. One month is hopefully enough time to decide whether we want such a policy. Sam, I am afraid, but I believe that the situation is different from how you frame it. The proponents of keeping obsolete acct-* packages have the inventive to establish their preferred policy. Accusing me of not facilitating a QA bug that deals with establishing a policy I do not favor seems unfair. Do you think that a QA bug that has not seen progress in nearly five months should be able to establish an illegitimate shadow policy? Currently, acct-* packages are governed by our current policy regarding package removal. If we decide to change this, we can also revert the acct-* package removals. - Flow 1: https://bugs.gentoo.org/781881#c7 OpenPGP_0x8CAC2A9678548E35.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
Mike Gilbert writes: > On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: >> > Haven't we been keeping these because we still need to decide on a >> > policy about what to do with dead acct-*/* packages? >> >> Right. https://bugs.gentoo.org/781881 is still open. Flow could ping >> the QA team and ask if it should be closed, given the opinion there >> seems to be that there's no need to keep them, but I think it's wrong >> to do this pre-empting a policy decision, given it essentially forces >> the "don't keep them" path. > > The bug has been open for several months without comment. If a policy > were going to materialize, I think it would have happened by now. > > Forcing the issue by sending this last rites notice seems acceptable to me. Pinging someone rather than "forcing the issue" as a first-step is customary. signature.asc Description: PGP signature
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
On 18-07-2023 11:42:39 +0300, Зураб Квачадзе wrote: > How do we handle this case, then. > Imagine we have a leaf package acct-user/foo, which has a reserved UID of 123. > It gets last rited and its entry is removed from uid-gid.txt. After a while > appears a new package acct-user/bar, which takes the 123 UID. Then a user, say > Bob, updates their system, which haven't been updated for some time. What if > they still have acct-user/foo, when acct-user/bar with the same UID is > installed? Should we even care about such cases? IMO we should, thus 123 should not be removed from uid-gid.txt, and instead be marked as reserved or something with a date. Thanks, Fabian -- Fabian Groffen Gentoo on a different level signature.asc Description: PGP signature
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
Well, this configuration is reasonable, I am for the change On Tue, 18 Jul 2023 at 11:55 Florian Schmaus wrote: > On 18/07/2023 10.42, Зураб Квачадзе wrote: > > How do we handle this case, then. > > Imagine we have a leaf package acct-user/foo, which has a reserved UID > > of 123. It gets last rited and its entry is removed from uid-gid.txt. > > Nobody is proposing that the uid-gid.txt entry is removed. Ideally, it > would be marked as 'historical', together with the date it went historical. > > > > After a while appears a new package acct-user/bar, which takes the 123 > > UID. Then a user, say Bob, updates their system, which haven't been > > updated for some time. What if they still have acct-user/foo, when > > acct-user/bar with the same UID is installed? > > If a UID/GID is in use, then acct-*.eclass will find the next suitable > ID (unless, e.g. ACCT_USER_ENFORCE_ID is set, we is usually not the case). > > - Flow >
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
On 18/07/2023 10.42, Зураб Квачадзе wrote: How do we handle this case, then. Imagine we have a leaf package acct-user/foo, which has a reserved UID of 123. It gets last rited and its entry is removed from uid-gid.txt. Nobody is proposing that the uid-gid.txt entry is removed. Ideally, it would be marked as 'historical', together with the date it went historical. After a while appears a new package acct-user/bar, which takes the 123 UID. Then a user, say Bob, updates their system, which haven't been updated for some time. What if they still have acct-user/foo, when > acct-user/bar with the same UID is installed? If a UID/GID is in use, then acct-*.eclass will find the next suitable ID (unless, e.g. ACCT_USER_ENFORCE_ID is set, we is usually not the case). - Flow OpenPGP_0x8CAC2A9678548E35.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
How do we handle this case, then. Imagine we have a leaf package acct-user/foo, which has a reserved UID of 123. It gets last rited and its entry is removed from uid-gid.txt. After a while appears a new package acct-user/bar, which takes the 123 UID. Then a user, say Bob, updates their system, which haven't been updated for some time. What if they still have acct-user/foo, when acct-user/bar with the same UID is installed? Should we even care about such cases? On Tue, 18 Jul 2023 at 11:22 Pacho Ramos wrote: > El jue, 01-01-1970 a las 00:00 +, Ulrich Mueller escribió: > > > > > > > On Mon, 17 Jul 2023, Mike Gilbert wrote: > > > > > On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: > > > > > Haven't we been keeping these because we still need to decide > > > > > on a > > > > > policy about what to do with dead acct-*/* packages? > > > > > > > > Right. https://bugs.gentoo.org/781881 is still open. Flow could > > > > ping > > > > the QA team and ask if it should be closed, given the opinion > > > > there > > > > seems to be that there's no need to keep them, but I think it's > > > > wrong > > > > to do this pre-empting a policy decision, given it essentially > > > > forces > > > > the "don't keep them" path. > > > > > The bug has been open for several months without comment. If a > > > policy > > > were going to materialize, I think it would have happened by now. > > > > > Forcing the issue by sending this last rites notice seems > > > acceptable > > > to me. > > > > I'd say we remove the packages, because system user and group ids are > > a somewhat scarce resource. > > I agree because of the same reasons > >
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
El jue, 01-01-1970 a las 00:00 +, Ulrich Mueller escribió: > > > > > > On Mon, 17 Jul 2023, Mike Gilbert wrote: > > > On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: > > > > Haven't we been keeping these because we still need to decide > > > > on a > > > > policy about what to do with dead acct-*/* packages? > > > > > > Right. https://bugs.gentoo.org/781881 is still open. Flow could > > > ping > > > the QA team and ask if it should be closed, given the opinion > > > there > > > seems to be that there's no need to keep them, but I think it's > > > wrong > > > to do this pre-empting a policy decision, given it essentially > > > forces > > > the "don't keep them" path. > > > The bug has been open for several months without comment. If a > > policy > > were going to materialize, I think it would have happened by now. > > > Forcing the issue by sending this last rites notice seems > > acceptable > > to me. > > I'd say we remove the packages, because system user and group ids are > a somewhat scarce resource. I agree because of the same reasons signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
> On Mon, 17 Jul 2023, Mike Gilbert wrote: > On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: >> > Haven't we been keeping these because we still need to decide on a >> > policy about what to do with dead acct-*/* packages? >> >> Right. https://bugs.gentoo.org/781881 is still open. Flow could ping >> the QA team and ask if it should be closed, given the opinion there >> seems to be that there's no need to keep them, but I think it's wrong >> to do this pre-empting a policy decision, given it essentially forces >> the "don't keep them" path. > The bug has been open for several months without comment. If a policy > were going to materialize, I think it would have happened by now. > Forcing the issue by sending this last rites notice seems acceptable > to me. I'd say we remove the packages, because system user and group ids are a somewhat scarce resource. The ids in uid-gid.txt (in data/api.git) need to be updated as well, i.e. they should be kept for now but changed to historical. Ulrich signature.asc Description: PGP signature
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
On Mon, Jul 17, 2023 at 4:27 PM Sam James wrote: > > Haven't we been keeping these because we still need to decide on a > > policy about what to do with dead acct-*/* packages? > > Right. https://bugs.gentoo.org/781881 is still open. Flow could ping > the QA team and ask if it should be closed, given the opinion there > seems to be that there's no need to keep them, but I think it's wrong > to do this pre-empting a policy decision, given it essentially forces > the "don't keep them" path. The bug has been open for several months without comment. If a policy were going to materialize, I think it would have happened by now. Forcing the issue by sending this last rites notice seems acceptable to me.
Re: [gentoo-dev] Re: [gentoo-dev-announce] Last rites: obsolete acct-* packages
Matt Turner writes: > On Mon, Jul 17, 2023 at 3:43 PM Florian Schmaus wrote: >> >> # Florian Schmaus (2023-07-17) >> # Obsolete acct-* packages which became leaf packages. >> # Removal on 2023-08-17. >> acct-user/artifactory >> acct-group/artifactory >> acct-user/cinder >> acct-group/cinder >> acct-user/glance >> acct-group/glance >> acct-user/heat >> acct-group/heat >> acct-user/keystone >> acct-group/keystone >> acct-user/litecoin >> acct-group/litecoin >> acct-user/logcheck >> acct-group/logcheck >> acct-user/minbif >> acct-group/minbif >> acct-user/minio >> acct-group/minio >> acct-user/netbox >> acct-group/netbox >> acct-user/neutron >> acct-group/neutron >> acct-user/nova >> acct-group/nova >> acct-user/placement >> acct-group/placement >> acct-user/quagga >> acct-group/quagga >> acct-user/rplayd >> acct-group/rplayd >> acct-user/rstudio-server >> acct-group/rstudio-server >> acct-user/rundeck >> acct-group/rundeck >> acct-user/sguil >> acct-group/sguil >> acct-user/sigh >> acct-group/sigh >> acct-user/smokeping >> acct-group/smokeping >> acct-user/sobby >> acct-group/sobby >> acct-user/spread >> acct-group/spread >> acct-user/stg >> acct-group/stg >> acct-user/swift >> acct-group/swift >> acct-user/thttpd >> acct-group/thttpd >> acct-group/gpio >> acct-group/simplevirt >> acct-group/spi > > Haven't we been keeping these because we still need to decide on a > policy about what to do with dead acct-*/* packages? Right. https://bugs.gentoo.org/781881 is still open. Flow could ping the QA team and ask if it should be closed, given the opinion there seems to be that there's no need to keep them, but I think it's wrong to do this pre-empting a policy decision, given it essentially forces the "don't keep them" path. signature.asc Description: PGP signature
