Re: Package-created usernames

2008-01-31 Thread Ian Jackson
So here's a straw man draft for a decision on package-created usernames: -8<- RUBRIC 1. We exercise our power in Constitution 6.1(1) to specify the contents of Debian policy documents, and that in 6.1(5) to offer our opinion. 2. Maintainers of policy documents should

Re: Package-created usernames

2008-01-10 Thread Ian Jackson
Bdale Garbee writes ("Re: Package-created usernames"): > After digesting the replies here and some off-list discussions, I > now agree that while it is desireable for packages to be flexible about > usernames to support the kinds of situations I described, requiring all >

Re: Package-created usernames

2007-12-30 Thread Bdale Garbee
[EMAIL PROTECTED] (Florian Weimer) writes: > * Bdale Garbee: > >> The second is whether it's acceptable for a Debian package to >> *require* a specific username. > > There are a couple of setuid binaries which might have problems > switching to a more flexible scheme. I fear such a requirement mi

Re: Package-created usernames

2007-12-21 Thread Florian Weimer
* Bdale Garbee: > The second is whether it's acceptable for a Debian package to > *require* a specific username. There are a couple of setuid binaries which might have problems switching to a more flexible scheme. I fear such a requirement might actually reduce overall security. -- To UNSUBSC

Re: Package-created usernames

2007-12-11 Thread Colin Watson
On Tue, Dec 04, 2007 at 09:57:41PM +, Ian Jackson wrote: > On the question of grandfathering, I would suggest that we explicitly > bless at least > - the commonly-known UNIX user and group names > (someone should go through base-files and check the list there) > - existing packages alre

Re: Package-created usernames

2007-12-06 Thread Ian Jackson
Bdale Garbee writes ("Re: Package-created usernames"): > The second is whether it's acceptable for a Debian package to > *require* a specific username. There seems to be at least an > implication that if the namespace clash potential is eliminated or > significant

Re: Package-created usernames

2007-12-05 Thread Marc Haber
On Tue, Dec 04, 2007 at 08:52:34PM -0700, Bdale Garbee wrote: > The second is whether it's acceptable for a Debian package to *require* a > specific username. There seems to be at least an implication that if the > namespace clash potential is eliminated or significantly reduced, that this > would

Re: Package-created usernames

2007-12-05 Thread Bdale Garbee
[EMAIL PROTECTED] (Ian Jackson) writes: > I think we probably have enough bandwidth (or will do shortly) to take > on another item from our todo list. #429671 on username policy seems > to me to be where we can most obviously improve the situation so I'm > going to start there. I believe this bu

Package-created usernames

2007-12-04 Thread Ian Jackson
I think we probably have enough bandwidth (or will do shortly) to take on another item from our todo list. #429671 on username policy seems to me to be where we can most obviously improve the situation so I'm going to start there. The problem which Marc Haber (Exim maintainer) is trying to solve