[Steve, your thoughts welcome]

>>>>> "Johannes" == Johannes Schauer Marin Rodrigues <jo...@debian.org> writes:

    Johannes> Quoting Johannes Schauer Marin Rodrigues (2021-08-28 10:03:49)
    >> Unfortunately, only the patch in the original message got applied
    >> in 1.4.0-10 but I posted an updated patch in message #23 of that
    >> bug.
    >>
    >> I attached a patch containing the remaining required changes.

    Johannes> For your convenience, I created a merge request on salsa
    Johannes> (and closed the old one):

This seems... fragile. In order for this patch to work, you're also asking the pam maintainers going forward to think differently about all file accesses in maintainer scripts. I don't know that I'm going to be able to do that.

Also, in my experience as a designer, that is a strong indication that things are happening at the wrong layer. This seems like an argument for a fakeroot-like thing, or support from the kernel or filesystem or something, or from a library we're using for file access. Having to pay attention to this detail at every layer seems fragile.

I appreciate that you value being able to do things purely in userspace without root. I want to stress that I haven't really been sold on that at all. The compelling argument for me was architectures where qemu was not available.

I also regret that I didn't see the implications of this from the beginning. The changes to pam-auth-update seemed less intrusive because of the structure of the code.

--Sam