1 |
On Mon, Dec 9, 2019 at 12:17 AM Michał Górny <mgorny@g.o> wrote: |
2 |
|
3 |
> Hello, |
4 |
> |
5 |
> I think the policies proposed in GLEP 81 [1] were overenthusiastic |
6 |
> and they don't stand collision with sad Gentoo developer reality. |
7 |
> Instead of improving the quality of resulting packages, they rather |
8 |
> hamper their adoption and cause growing frustration. |
9 |
> |
10 |
> The problems I see today are: |
11 |
> |
12 |
> |
13 |
> 1. Mailing list reviews hamper the adoption of new user packages. |
14 |
> |
15 |
> Firstly, there are a few developers who obstructively refuse to |
16 |
> communicate with others and especially to use the public mailing lists. |
17 |
> While this is a separate problem, and a problem that needs to be |
18 |
> resolved, this GLEP can't resolve it. Of course, there is no reason to |
19 |
> believe that removing review requirement will actually make them migrate |
20 |
> their packages but it's at least one obstacle out of the way. |
21 |
> |
22 |
> Secondly, even developers capable of communication find the two stage |
23 |
> request-wait-commit workflow inconvenient. At any time, there are |
24 |
> at least a few requests waiting for being committed, possibly with |
25 |
> the developers forgetting about them. |
26 |
> |
27 |
> |
28 |
> 2. Mailing list reviews don't serve their original purpose. |
29 |
> |
30 |
> The original purpose of mailing list reviews was to verify that |
31 |
> the developers use new packages correctly. For example, Michael |
32 |
> Orlitzky has found a lot of unnecessary home directories specified. |
33 |
> Of course, that works only if people submit *ebuilds* for review. |
34 |
> |
35 |
> However, at some points developers arbitrarily decided to send only |
36 |
> numbers for review. This defeats the purpose of the review in the first |
37 |
> place. |
38 |
> |
39 |
> |
40 |
> 3. Cross-distro syncing has no purpose. |
41 |
> |
42 |
> One of the original ideas was to reuse UID/GID numbers from other |
43 |
> distros when available to improve sync. However, given the collisions |
44 |
> between old Gentoo UIDs and other distros, other distros themselves, |
45 |
> non-overlapping user/group names, etc. there seems to be little reason |
46 |
> to actually do it. If we even managed some overlap, it would be minimal |
47 |
> and quasi-random. |
48 |
> |
49 |
> While other distros provide a cheap way of choosing new UID/GID, it |
50 |
> doesn't seem that many people actually use it. Then we hit pretty |
51 |
> absurd situations when someone chooses one UID/GID, somebody else tells |
52 |
> him to use the one from other distro. |
53 |
> |
54 |
> |
55 |
> 4. Assignment mechanism is not collision-prone. |
56 |
> |
57 |
> The secondary goal of mailing list reviews is to prevent UID/GID |
58 |
> collisions. Sadly, it doesn't work there either. Sometimes two people |
59 |
> request the same UID/GID, and only sometimes somebody else notices. |
60 |
> In the end, people have hard time figuring out which number is the 'next |
61 |
> free', sometimes they discover the number's been taken when somebody |
62 |
> else commits it first. |
63 |
> |
64 |
> |
65 |
> All that considered, I'd like to open discussion how we could improve |
66 |
> things. |
67 |
> |
68 |
> My proposal would be to: |
69 |
> |
70 |
> a. split the UID/GID range into 'high' (app) and 'low' (system) |
71 |
> assignments, 'high' being >=100 and 'low' <100 (matching Apache suEXEC |
72 |
> defaults), |
73 |
> |
74 |
> b. UIDs/GIDs in the 'high' range can be taken arbitrarily (recommending |
75 |
> taking highest free), while in the 'low' range must be approved by QA, |
76 |
> |
77 |
> c. no review requirement for the 'high' range, just choose your UID/GID |
78 |
> straight of uid-gid.txt and commit it. |
79 |
> |
80 |
|
81 |
What is the mechanism to keep the uid-gid.txt aligned with tree content? is |
82 |
there a CI check that says I am using the new acct-* eclasses AND I have a |
83 |
UID / GID assigned that is not matching uid-gid.txt? I see the CI has |
84 |
"ConflictingAccountIdentifiers", is this already doing this work (checking |
85 |
that the ebuild matchines uid-gid.txt), or just scanning the whole tree and |
86 |
ensuring that 2 packages don't re-use the same ID? |
87 |
|
88 |
-A |
89 |
|
90 |
|
91 |
> |
92 |
> d. strong recommendation to use matching UID/GID for the same user/group |
93 |
> name. |
94 |
> |
95 |
> WDYT? |
96 |
> |
97 |
> |
98 |
> [1] https://www.gentoo.org/glep/glep-0081.html |
99 |
> |
100 |
> -- |
101 |
> Best regards, |
102 |
> Michał Górny |
103 |
> |
104 |
> |