From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-93470-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id C65C81382C5
	for <garchives@archives.gentoo.org>; Mon,  4 Jan 2021 16:18:19 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id D7407E09E3;
	Mon,  4 Jan 2021 16:18:16 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 9AE8CE08CD
	for <gentoo-dev@lists.gentoo.org>; Mon,  4 Jan 2021 16:18:16 +0000 (UTC)
To: gentoo-dev@lists.gentoo.org
References: <20210104013558.20072-1-whissi@gentoo.org>
 <60fac781-e080-999c-e83e-c657d5b89d18@gentoo.org>
 <cf400822-eba4-aa95-63ef-5f6f857f75b1@gentoo.org>
 <a616119d-a94b-997f-48c9-7bfde108cd20@gentoo.org>
 <4ca9ea6d4b2c2f0f7c29319d2c0015e2fec2b773.camel@gentoo.org>
From: Thomas Deutschmann <whissi@gentoo.org>
Organization: Gentoo Linux
Subject: Re: [gentoo-dev] [PATCH] acct-user.eclass: don't modify existing user
 by default
Message-ID: <6876f32c-5ea8-5c99-41c1-7c8963f5a976@gentoo.org>
Date: Mon, 4 Jan 2021 17:18:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.0
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
In-Reply-To: <4ca9ea6d4b2c2f0f7c29319d2c0015e2fec2b773.camel@gentoo.org>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="31mKUIKuzbRTXXahdD5t0AA9PDciYBZbm"
X-Archives-Salt: 1ca78743-43d2-4e8a-b7da-de29a9ef9880
X-Archives-Hash: efcd5dde3272aa99a5950d3b213e87d5

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--31mKUIKuzbRTXXahdD5t0AA9PDciYBZbm
Content-Type: multipart/mixed; boundary="kSckqRcYEfFuFZV8OV0IHQBccfK58VxU4";
 protected-headers="v1"
From: Thomas Deutschmann <whissi@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Message-ID: <6876f32c-5ea8-5c99-41c1-7c8963f5a976@gentoo.org>
Subject: Re: [gentoo-dev] [PATCH] acct-user.eclass: don't modify existing user
 by default
References: <20210104013558.20072-1-whissi@gentoo.org>
 <60fac781-e080-999c-e83e-c657d5b89d18@gentoo.org>
 <cf400822-eba4-aa95-63ef-5f6f857f75b1@gentoo.org>
 <a616119d-a94b-997f-48c9-7bfde108cd20@gentoo.org>
 <4ca9ea6d4b2c2f0f7c29319d2c0015e2fec2b773.camel@gentoo.org>
In-Reply-To: <4ca9ea6d4b2c2f0f7c29319d2c0015e2fec2b773.camel@gentoo.org>

--kSckqRcYEfFuFZV8OV0IHQBccfK58VxU4
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 2021-01-04 16:55, David Seifert wrote:
> This is what we agree on. We need an escape hatch, and it needs to be
> off by default. Any sysadmin overriding it gets to keep the pieces, but=

> they need to have that option.

See Mike's example again.

In last chapter of Gentoo's handbook (Finalization) we recommend user to =

call 'usermod' to put themselves into important groups like wheel or=20
portage.

Now guess what's happening? Whenever acct-user/portage will get=20
remerged, PM will remove that user from portage group (luckily groups=20
like wheel don't have users...).

Do you really want to extend handbook and tell everyone, "OK, as last=20
step, please create an overlay and fork acct-user/portage...". In case=20
the answer will be yes, we now have successfully killed the idea of=20
allowing maintainers to fix a user/group if this will ever be necessary=20
which will add some kind of slap stick to the whole idea.

That's why I am saying that we don't just need an opt-out option, that's =

why I am argue that all this stuff has to be opt-in by default. It's=20
something special and unique in Gentoo.


--=20
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5


--kSckqRcYEfFuFZV8OV0IHQBccfK58VxU4--

--31mKUIKuzbRTXXahdD5t0AA9PDciYBZbm
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAl/zP8IFAwAAAAAACgkQRObr3Jv2BVny
Igf+PYZwiBedTqwWdct1MMCuEW1Fo4Vko0tZ5E3sltbccS8NAm/4CFVRZ1XEDGVnnuwYkNUL1f90
7TBrI8kY9fZc4h1Ig9YGmYQ5RZ4FKk2/Qjlne8wGzmc8fntyrG7cLKaHYCNXqXK6xwG+nM8lCF1u
nvXC819FWIIakpv/lfv7WzOs+3msfBlTvGcIsOXKf4NCNMZX1Xe3GJJynDHI9oOD768x6ASLf2TC
BfRua9ZfPepnCOhz7dbFSlDUchpbTshyaqTtb51GiulBkhs+oacJ+8bROlHFFfBmj1YZ9hTSC1Xc
2zL8xq/slnjX22+0QwQ5msKPLRdZqvZ/FfsM6SyNGQ==
=IvzY
-----END PGP SIGNATURE-----

--31mKUIKuzbRTXXahdD5t0AA9PDciYBZbm--