1 |
>>>>> On Wed, 05 Jun 2019, Michael Orlitzky wrote: |
2 |
|
3 |
> Should we require a mailing list review for new user/group packages? |
4 |
> It's difficult to modify a user once you've settled on a UID, home |
5 |
> directory, and shell; so it pays to get things right the first time. |
6 |
|
7 |
> The need is more apparent with fixed UIDs: if a popular package "steals" |
8 |
> a UID that some other package needs, then that other package is going to |
9 |
> be difficult or impossible to install (especially if it ultimately |
10 |
> depends on the popular package). |
11 |
|
12 |
> A mailing list review could elicit a "hey, my package NEEDS that UID, |
13 |
> and yours doesn't care" before it's too late. |
14 |
|
15 |
Policy requires such a review since a long time, at least for hardcoded |
16 |
user and group IDs: |
17 |
https://devmanual.gentoo.org/ebuild-writing/users-and-groups/ |