On Tue, Dec 10, 2024 at 09:24:15PM +0100, Marc Haber wrote:
>
> But things are moving by shadow upstream taking a user-hostile stance,
> willing to take away freedom. I must be fine with that because I
> cannot change it. But I don't need to like it.
As a suggestion, we might make more forward progress if we assume good
faith and accept that other people might have different priorities
than others. I could easily see shadow, being a security-related
package, would consider encouraging something that could lead to
security bugs or just other random breakage, as "user-hostile".
I am reminded of Professor Jerome Saltzer, who was responsible for the
overall technical architecture for MIT's Project Athena, insisting
that he be assigned the username Saltzer. He theorized that while
this *would* cause breakage (for a long time, usernames were assumed
to be always lowercase ASCII, and given that e-mail localparts where
case insensitive, and usernames were case sensitive), but since he was
(a) a Professor, and (b) responsible for the technical architecture
for Project Athena, that when problems inevitably showed up, that
programmers would be incentivized to fix them. As I recall, we didn't
let students chose mixed-case usernames for a while, since there was
presumed to be breakage; Professor Saltzer's username was a special
case.
If there are brave people who want to use Unicode characters (for
bonus points, they could try using "unofficial" characters such as the
Klingon script), they could be the first to find bugs, and report
them. And if they suffer from security breaches, they would know what
they were getting into. (And we salute them for their courage. :-)
Perhaps at some future stable Debian release (not Trixie), we could
enable it by default. But I really do think we need to do some
technical work, including not requring adding libunicode as a required
package, but having a minimal security unicode library that can be
used by privileged programs first.
Cheers,
- Ted
