Hi Ted. Theodore Y. Ts'o - 10.08.18, 02:06: > On Thu, Aug 09, 2018 at 09:10:57PM +0200, Martin Steigerwald wrote: > > Thing is here: It breaks existing workloads. And I have the gut > > feeling, not *just* mine. So no matter what long-standing, > > under-communicated, probably mostly undocumented best practices are > > in place in your opinion, it IMO is likely to produce an uproar > > with users once next Debian version is released. > > Lots of changes break workloads. The question is how common is a > particular change. Heck, people tolerate random perl and pythons > scripts breaking when new versions are released, and that's > considered... OK. > > Given that other Linux distributions have been using the "new" su, I > very much doubt that many people will notice. For that matter, I set
I agree to disagree here. There is no point continuing the argument, as we both have no statistics. Maybe only a few will notice, maybe more will notice… I don´t really know. > Anyway, it's ultimately going to be up to Andreas as the Maintainer, > but perhaps you should try to craft some suggested changes to the > News.Debian.gz file, keeping in mind needs to be *short*. You may > find that it is harder than it seems to write something that is > generally applicable and useful for most users. As Andreas already told he is not interested into adding anything more to the NEWS.Debian file I think its pointless to do so. > > For example how to make available certain environment variables via > > other means: > > > > % cat /etc/sudoers.d/defaults > > Defaults env_keep+=SSH_AUTH_SOCK > > This doesn't belong in documentation for util-linux, and is > *extremely* specific to what you are trying to do. I meant this more like an example. > As it turns out, I do something very differnt which is my .bashrc will > run ~/.ssh-setup, which looks for existing ssh-agents or gpg-agents, > and if it one doesn't exist, it will start one, e.g.: I would not do this for the root user. I so not think it is wise to run a ssh-agent or gpg-agent as root. To avoid that is the whole point of my change to tell sudo to take over the environment for the SSH agent of the user. I don´t even know why I would like searching for any running SSH agent. I choose to have it use exactly the one of the user I run the sudo command as, instead of second guessing. > So there lots and lots of different ways of solving these sorts of > problems, depending on what sort of requirements you might have. > (Mine are designed to work in a very large set of environments, not > all of them running Debian, and for that matter, not all of them are > running Linux....) > > We can't really give these sorts of tips in the util-linux > Documentation. Probably not in NEWS.Debian, but I thought about README.Debian or Releasenotes… anyway… of course it is up to Andreas. Or in upstream documentation. Karel even started to implement whitelisting certain environment variables in su :). Anyway, I have holidays. I have found a solution that works for me. I don´t have the impression of a lot of willingness to accept a patch for upstream documentation at the moment. So for now I am done with it. Thanks. -- Martin
