1 |
>>>>> On Fri, 20 Feb 2015, Daniel Campbell wrote: |
2 |
|
3 |
> When this becomes more widespread, what action are users urged to |
4 |
> take in order to "migrate" to the new system? Should our everyday |
5 |
> user account be removed from the `games` group, and the group should |
6 |
> be removed altogether? |
7 |
|
8 |
Currently, users need not take any action. |
9 |
|
10 |
In the hypothetical case that games.eclass would be abandoned, the |
11 |
"games" group would likely go away and should then be removed from |
12 |
users' systems. However, with about 1000 ebuilds currently inheriting |
13 |
games.eclass, I don't see that happening any time soon. There's a long |
14 |
discussion on this topic in the nethack bug [1]. |
15 |
|
16 |
Personally, I think that controlling who is allowed to run certain |
17 |
types of applications via group membership is a great idea. We should |
18 |
introduce that approach for other applications too. How about an |
19 |
"editors" group? Text editors are potentially dangerous because they |
20 |
allow users to modify files. Therefore, the system administrator |
21 |
should add only trusted users to the "editors" group so they can run |
22 |
programs like emacs, nano, or vim from the app-editors category. |
23 |
|
24 |
Ulrich |
25 |
|
26 |
[1] https://bugs.gentoo.org/125902 |