On Thursday 27 March 2014 13:37:09 Guido Berhoerster wrote:
* Sascha Peilicke <saschpe@mailbox.org> [2014-03-27 12:13]:
On Wednesday 26 March 2014 11:55:51 Guido Berhoerster wrote:
[snip]
So here's what could be done:
- The Factory policies mandate the daemon usernames are in rpmlint's
whitelist. Currently, it's juts a warning.
+ factory-auto will auto-decline packages with useradd/groupadd
including names that aren't part of rpmlint's whitelist
- The packager then discusses with the rpmlint maintainers about the name.
Whatever they conclude with is entirely up to them. They may chose to "just follow upstream" or this OSEP proposal.
This way the Factory review team avoids having to fight a proxy war. The only policy would be "add yourself to rpmlint's whitelist". Of course, I assume Making it completely optional would make this effort pointless...
"optional" is completely wrong vocabulary here. My proposal frees the review team from yet something more people will argue with them. Instead, it becomes a discussion between the rpmlint maintainers (aka security-aware people) and the packager. Isn't that a smart move? Otherwise, if you want to enforce things, it's going to be your task to convince people. Not our war.
since the goal is to have a safe namespace in which admins can create arbitrary user/groupnames without worrying of colliding with system users/groups. Ending up with half of the users/groups using prefixing and the other half not does not gain us anything.
Nobody wants that. Trust me, you'll infuriate a lot of users.
If an upstream is unwilling to at least make it possible to override a user/groupname then we would have to patch it, that is pretty much the same way how we enforce other namespaces such as the filesystem layout. Note that in the vast majority of cases this will not be necessary (see the -packaging thread for some numbers).
You could have it the other way around, too. Move the rpmlint user whitelist into aaa_base or shadow and have 'useradd' & co check against the list of taken users :-D
So IMO this should be enforced for new packages while existing packages could be gradually converted with users/groups in aaa_base as the only exception. As demonstrated by the OpenBSD ports this is entirely possible.
Not really, do you know how man of our users have scripts including, e.g., 'su postgres -c "psql"'? I know of at least one, me.
that those having started the discussion would:
- enhance the factory-auto script - update rpmlint's existing whitelist with what we currently have - add a remark to our packaging policies in the wiki - notify review@opensuse.org that this is in effect
Sure. I'd also be willing to help migrate packages.
-- Viele Grüße, Sascha Peilicke -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org