On Sat, Sep 21, 2024 at 10:48:31AM -0600, Bob Proulx wrote:
>
> The problem with libnss-extrausers is that it works from files. It
> does not use the database. It requires the database to be dumped at
> some periodic frequency into files in order for those files to be
> updated from the live database with current.
>
> This introduces a delay between someone, say, adding a new member to
> their project group to give them commit access and then having that
> access available.

No, it doesn't, because frontend code updates the file when new members
are added to the group.

...

> Worse is if someone needs to REMOVE a
> malicious member from a project. In which case there would be a delay
> before that removal became in effect.

My experience doesn't suggest that removing members is really more
urgent; however, the file is updated the same way when the members
are removed.

> Introducing user seen delays such as that would be a regression of
> functionality over not having any delays at all. Plus the
> libnss-mysql library already exists as a mature code base

It's an unmaintained code base---you had to fix it, whereas
libnss-extrausers works out of box.

> that we have been using (and therefore testing) for many years.

Agreed.

> Both the nss and
> the mariadb interfaces are mature, documented, relatively easy
> interfaces to use making this an easy code base to maintain locally.

libnss-extrausers also uses the nss interface, and the file system
interface must be as mature and easy to use as mariadb;
libnss-extrausers-based setup is considerably simpler (e.g. as
a side effect, it avoids exposing the database access password
in yet another place).