unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
From: "Thompson, David" <dthompson2@worcester.edu>
To: Maxime Devos <maximedevos@telenet.be>
Cc: 56444@debbugs.gnu.org
Subject: bug#56444: [EXT] Re: [EXT] Re: bug#56444: Patch to fix Gitolite home directory permissions
Date: Mon, 29 Aug 2022 09:30:58 -0400	[thread overview]
Message-ID: <CAJ=RwfZz7U3k9CaxkpjSQqcDcMRGXx4BQNwnVh_Mv1_AVnpPFg@mail.gmail.com> (raw)
In-Reply-To: <31e8c6df-a9c9-7f16-69fb-e022d94c16ff@telenet.be>

[-- Attachment #1: Type: text/plain, Size: 1823 bytes --]

On Mon, Aug 29, 2022 at 9:19 AM Maxime Devos <maximedevos@telenet.be> wrote:

> On 29-08-2022 14:57, Thompson, David wrote:
>
> > I disagree.  I believe we shouldn't let perfect be the enemy of the good.
>
> I don't think your patch counts as "good" here -- while fixing the bug
> counts as "good", you are at the same time introducing a new bug (the
> non-atomicity), which is bad.  You would have to weigh the goodness and
> the badness to end up with an overall "good" (or maybe "bad", depending
> on the conclusion), but I'd think that the time required to do such a
> weighing is better spent by doing a tiny bit of extra effort to
> implement the new field (it should be very low effort, see other response).
>

My patch has a very limited scope of only changing the gitolite service.
Your proposal has a much greater scope of modifying a core structure used
for system configuration.  The new bug you mention is only bad in a
theoretical sense.  In practice, the permission bits are misconfigured for
a blip of time during system reconfiguration, which is a lot better than
being misconfigured all the time which is the status quo.  It's the
difference between a gitolite that works nicely with cgit/gitweb and one
that doesn't. I agree that it's a good goal to improve atomicity and I
think making <user-account> more general to allow for different permission
bits on the home directory is a good idea, but I see it as one step removed
from fixing this particular bug.  My patch follows the recommended approach
outlined in a comment in (gnu build activation) written by Ludovic in 2019:

      ;; Always set ownership and permissions for home directories of system
      ;; accounts.  If a service needs looser permissions on its home
      ;; directories, it can always chmod it in an activation snippet.

- Dave

[-- Attachment #2: Type: text/html, Size: 2321 bytes --]

  reply	other threads:[~2022-08-29 13:32 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-07 21:35 bug#56444: Gitolite home directory permissions Evgeny Pisemsky
     [not found] ` <handler.56444.B.165722972531874.ack@debbugs.gnu.org>
2022-07-08  8:10   ` bug#56444: Acknowledgement (Gitolite home directory permissions) Evgeny Pisemsky
2022-08-19 13:32 ` bug#56444: Patch to fix Gitolite home directory permissions Thompson, David
2022-08-23 12:41   ` Maxime Devos
2022-08-23 14:45     ` Thompson, David
2022-08-29 12:49       ` Thompson, David
2022-08-29 12:52         ` Maxime Devos
2022-08-29 12:57           ` bug#56444: [EXT] " Thompson, David
2022-08-29 13:09             ` Maxime Devos
2022-08-29 13:11             ` Maxime Devos
2022-08-29 13:19             ` Maxime Devos
2022-08-29 13:30               ` Thompson, David [this message]
2022-08-29 13:44                 ` bug#56444: [EXT] " Maxime Devos
2022-08-29 13:59                   ` bug#56444: [EXT] " Thompson, David
2022-08-29 21:05                     ` zimoun
2022-08-30 15:20                     ` bug#56444: " Ludovic Courtès
2022-08-30 16:39                       ` bug#56444: [EXT] " Thompson, David
2022-08-30 18:31                       ` david larsson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJ=RwfZz7U3k9CaxkpjSQqcDcMRGXx4BQNwnVh_Mv1_AVnpPFg@mail.gmail.com' \
    --to=dthompson2@worcester.edu \
    --cc=56444@debbugs.gnu.org \
    --cc=maximedevos@telenet.be \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).