1 |
On Wed, 2019-06-12 at 22:21 -0400, Michael Orlitzky wrote: |
2 |
> On 6/9/19 7:39 AM, Michał Górny wrote: |
3 |
> > + |
4 |
> > +All new users and groups must have unique UIDs/GIDs assigned |
5 |
> > +by developers. The developer adding them is responsible for checking |
6 |
> > +for collisions. |
7 |
> > |
8 |
> > ... |
9 |
> > |
10 |
> > +All user and group packages must define preferred fixed UIDs/GIDs, |
11 |
> > +and they must be unique within the repository. The packages should |
12 |
> > +indicate whether the value needs to be strictly enforced, or whether |
13 |
> > +another UID/GID is acceptable when the user exists already or requested |
14 |
> > +UID/GID is taken. |
15 |
> > + |
16 |
> |
17 |
> Maybe we should loosen this in the case of enforced UIDs. If two |
18 |
> user-packages truly do require the same fixed UID (for whatever godawful |
19 |
> reason), then obviously they can't be installed on the same machine, but |
20 |
> we could otherwise support both in the repository. |
21 |
|
22 |
I'd rather not permit it up front. We can revisit this if it ever |
23 |
becomes really necessary. |
24 |
|
25 |
> |
26 |
> I don't want to encourage people to add such badly-written software to |
27 |
> the repo, but the alternative is also pretty ugly: if we require the |
28 |
> UIDs to be unique, and if two packages require the same enforced UID, |
29 |
> then whoever commits to ::gentoo first will prevent the other guy from |
30 |
> adding his package later on. |
31 |
|
32 |
The alternative is to prevent user from installing the second package |
33 |
without manually fixing his UID/GID table. This is horrible UX. |
34 |
I suppose patching one of the packages to use another UID/GID is |
35 |
probably better. |
36 |
|
37 |
-- |
38 |
Best regards, |
39 |
Michał Górny |