| 1 |
On Wed, 2019-06-12 at 22:21 -0400, Michael Orlitzky wrote: |
| 2 |
> On 6/9/19 7:39 AM, Michał Górny wrote: |
| 3 |
> > + |
| 4 |
> > +All new users and groups must have unique UIDs/GIDs assigned |
| 5 |
> > +by developers. The developer adding them is responsible for checking |
| 6 |
> > +for collisions. |
| 7 |
> > |
| 8 |
> > ... |
| 9 |
> > |
| 10 |
> > +All user and group packages must define preferred fixed UIDs/GIDs, |
| 11 |
> > +and they must be unique within the repository. The packages should |
| 12 |
> > +indicate whether the value needs to be strictly enforced, or whether |
| 13 |
> > +another UID/GID is acceptable when the user exists already or requested |
| 14 |
> > +UID/GID is taken. |
| 15 |
> > + |
| 16 |
> |
| 17 |
> Maybe we should loosen this in the case of enforced UIDs. If two |
| 18 |
> user-packages truly do require the same fixed UID (for whatever godawful |
| 19 |
> reason), then obviously they can't be installed on the same machine, but |
| 20 |
> we could otherwise support both in the repository. |
| 21 |
|
| 22 |
I'd rather not permit it up front. We can revisit this if it ever |
| 23 |
becomes really necessary. |
| 24 |
|
| 25 |
> |
| 26 |
> I don't want to encourage people to add such badly-written software to |
| 27 |
> the repo, but the alternative is also pretty ugly: if we require the |
| 28 |
> UIDs to be unique, and if two packages require the same enforced UID, |
| 29 |
> then whoever commits to ::gentoo first will prevent the other guy from |
| 30 |
> adding his package later on. |
| 31 |
|
| 32 |
The alternative is to prevent user from installing the second package |
| 33 |
without manually fixing his UID/GID table. This is horrible UX. |
| 34 |
I suppose patching one of the packages to use another UID/GID is |
| 35 |
probably better. |
| 36 |
|
| 37 |
-- |
| 38 |
Best regards, |
| 39 |
Michał Górny |
Archives