Bug#583958: pam_umask --enable-usergroups compile-time option
Hi Chris, On Sun, May 03, 2020 at 10:10:48PM +0200, Chris Hofstaedtler wrote: > * Andreas Henriksson : > > Given almost 2 months has passed without a comment I assume it's > > up to me to NMU the changes, which I'll be doing if I don't > > hear anything in the next couple of weeks. > > Subtle ping? (No need to be subtle towards me atleast.) I should probably get this done, but apart from lacking motivation there are possibly some other things to consider for a NMU. - there are several open issues that each by themselves possibly motivaties a NMU. How many of them should be bulked together? How many should be left out? See eg. #948188 (xcrypt support), #674857 (securetty warnings in default configuration), etc, etc - Should we bother backporting patches, upload a snapshot, or wait for a new release? Up until recently I would have claimed waiting for a new release is pointless, but recently there has actually been some signs that upstream is willing to do a release - apparently they are now (only?) waiting for translation updates to happen. [1] Hopefully the release actually happens before bullseye freeze, but maybe I'm just being too optimistic about ever seeing a new upstream release of pam. - I guess I should also mention the possibility for different interpretation of this bug report. I personally only care about "sane defaults" (as I doubt anyone really cares to override the distro-default setting). Others however might more strongly care about how the setting is configured, which IMNSHO is what this bug report derailed and was misinterpretted into being discussed (and subsequentially caused it to linger for a decade). Finally all above discussion points are IMO just symptoms of the lack of maintenance. There has previously been discussion with someone who had been willing to maintain pam outside of debian for years who I thought would be good to recruit instead of push away like this, but there where no input and when we finally discussed starting the salvaging process there where strong objections from current maintainers.[2] I'm not sure how to proceed or if I even want to dig up the motivation for it, so if someone feels they want to go ahead then don't hold your breath waiting for me. Just do it! I would love to see this (and possibly other) issues finally fixed before bullseye freeze. Some feedback to the above mentioned points from anyone who has the time to consider the overall picture could possibly also go a long way for motivating me into proceeding myself. Regards, Andreas Henriksson [1]: https://github.com/linux-pam/linux-pam/issues/141#issuecomment-595121614 [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821408#37
Bug#583958: pam_umask --enable-usergroups compile-time option
* Andreas Henriksson : > Given almost 2 months has passed without a comment I assume it's > up to me to NMU the changes, which I'll be doing if I don't > hear anything in the next couple of weeks. Subtle ping? Thanks, Chris
Bug#583958: pam_umask --enable-usergroups compile-time option
Hello, On Fri, Jan 10, 2020 at 01:34:20PM +0100, Andreas Henriksson wrote: [...] > Please let me know if the above is satisfactory and if you'd like me to > send a merge-request for an updated packaging! I assume you've already noticed, but for the record https://salsa.debian.org/vorlon/pam/-/merge_requests/3 was opened shortly after sending the above quoted mail. > If you happen to see any other outstanding issues you think are blockers > for this please also let me know about those! Given almost 2 months has passed without a comment I assume it's up to me to NMU the changes, which I'll be doing if I don't hear anything in the next couple of weeks. Regards, Andreas Henriksson
Bug#583958: pam_umask --enable-usergroups compile-time option
Hello, I'm interested in seeing this issue fixed, or atleast the sane-defaults part of it. (I also happen to have a general view that defaults should be built-in defaults, not overridden-builtin-defaults-by-shipping-a-conffile-defaults.) Fixing the core issue here seems to have gotten stuck on where the configuration should live. I'd rather see no configuration by default and just have a sane built-in default. Upstream seems to have agreed that supporting setting the default at compile-time is a good idea, so support for a --enable-usergroups configure flag has been added upstream in commit 41e2c34bd01932fe55a32b3aa94ab https://github.com/linux-pam/linux-pam/commit/41e2c34bd01932fe55a32b3aa94aba5c0f9d2343 Hopefully noone sees a problem with cherry-picking this commit and using the --enable-usergroups configure flag in the debian packaging, which would let Debian users finally have a working out-of-the-box experience with pam_umask. The discussion about where the configuration should live for those who want to override the default can continue separately without blocking having a sane default setting. I suspect very few people are actually interested in overriding this setting (and any previous interest is basically from those who wanted to fix the buggy default as shipped in Debian). (See also supplementary commits: https://github.com/linux-pam/linux-pam/commit/b92d8459e788233223e328ab0e79980e3cd44d97 https://github.com/linux-pam/linux-pam/commit/fe93034d2a9b2f1f7a677e8d49a6da2e9dce9cb1 These was requested by upstream and Debian maintainers might decide to also take these to allow disabling usergroups once enabled by default, or to carry the previously discussed login.defs patch which would also allow disabling usergroups. ) Please let me know if the above is satisfactory and if you'd like me to send a merge-request for an updated packaging! If you happen to see any other outstanding issues you think are blockers for this please also let me know about those! Regards, Andreas Henriksson
