1 |
Hello, |
2 |
|
3 |
I think the policies proposed in GLEP 81 [1] were overenthusiastic |
4 |
and they don't stand collision with sad Gentoo developer reality. |
5 |
Instead of improving the quality of resulting packages, they rather |
6 |
hamper their adoption and cause growing frustration. |
7 |
|
8 |
The problems I see today are: |
9 |
|
10 |
|
11 |
1. Mailing list reviews hamper the adoption of new user packages. |
12 |
|
13 |
Firstly, there are a few developers who obstructively refuse to |
14 |
communicate with others and especially to use the public mailing lists. |
15 |
While this is a separate problem, and a problem that needs to be |
16 |
resolved, this GLEP can't resolve it. Of course, there is no reason to |
17 |
believe that removing review requirement will actually make them migrate |
18 |
their packages but it's at least one obstacle out of the way. |
19 |
|
20 |
Secondly, even developers capable of communication find the two stage |
21 |
request-wait-commit workflow inconvenient. At any time, there are |
22 |
at least a few requests waiting for being committed, possibly with |
23 |
the developers forgetting about them. |
24 |
|
25 |
|
26 |
2. Mailing list reviews don't serve their original purpose. |
27 |
|
28 |
The original purpose of mailing list reviews was to verify that |
29 |
the developers use new packages correctly. For example, Michael |
30 |
Orlitzky has found a lot of unnecessary home directories specified. |
31 |
Of course, that works only if people submit *ebuilds* for review. |
32 |
|
33 |
However, at some points developers arbitrarily decided to send only |
34 |
numbers for review. This defeats the purpose of the review in the first |
35 |
place. |
36 |
|
37 |
|
38 |
3. Cross-distro syncing has no purpose. |
39 |
|
40 |
One of the original ideas was to reuse UID/GID numbers from other |
41 |
distros when available to improve sync. However, given the collisions |
42 |
between old Gentoo UIDs and other distros, other distros themselves, |
43 |
non-overlapping user/group names, etc. there seems to be little reason |
44 |
to actually do it. If we even managed some overlap, it would be minimal |
45 |
and quasi-random. |
46 |
|
47 |
While other distros provide a cheap way of choosing new UID/GID, it |
48 |
doesn't seem that many people actually use it. Then we hit pretty |
49 |
absurd situations when someone chooses one UID/GID, somebody else tells |
50 |
him to use the one from other distro. |
51 |
|
52 |
|
53 |
4. Assignment mechanism is not collision-prone. |
54 |
|
55 |
The secondary goal of mailing list reviews is to prevent UID/GID |
56 |
collisions. Sadly, it doesn't work there either. Sometimes two people |
57 |
request the same UID/GID, and only sometimes somebody else notices. |
58 |
In the end, people have hard time figuring out which number is the 'next |
59 |
free', sometimes they discover the number's been taken when somebody |
60 |
else commits it first. |
61 |
|
62 |
|
63 |
All that considered, I'd like to open discussion how we could improve |
64 |
things. |
65 |
|
66 |
My proposal would be to: |
67 |
|
68 |
a. split the UID/GID range into 'high' (app) and 'low' (system) |
69 |
assignments, 'high' being >=100 and 'low' <100 (matching Apache suEXEC |
70 |
defaults), |
71 |
|
72 |
b. UIDs/GIDs in the 'high' range can be taken arbitrarily (recommending |
73 |
taking highest free), while in the 'low' range must be approved by QA, |
74 |
|
75 |
c. no review requirement for the 'high' range, just choose your UID/GID |
76 |
straight of uid-gid.txt and commit it, |
77 |
|
78 |
d. strong recommendation to use matching UID/GID for the same user/group |
79 |
name. |
80 |
|
81 |
WDYT? |
82 |
|
83 |
|
84 |
[1] https://www.gentoo.org/glep/glep-0081.html |
85 |
|
86 |
-- |
87 |
Best regards, |
88 |
Michał Górny |