Am 06.12.2014 um 13:39 schrieb The Wanderer:
> On 12/06/2014 at 05:47 AM, Tomas Pospisek wrote:
>
>> Am 06.12.2014 um 00:55 schrieb Svante Signell:
>>
>>> On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
>
When NFSv4 development sparked the modern Linux keyring data
model, we were
On 12/06/2014 at 05:47 AM, Tomas Pospisek wrote:
> Am 06.12.2014 um 00:55 schrieb Svante Signell:
>
>> On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
>>> When NFSv4 development sparked the modern Linux keyring data
>>> model, we were delighted to switch (and then got very frustrated
>>>
Am 06.12.2014 um 00:55 schrieb Svante Signell:
> On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
>> Svante Signell writes:
>>> On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
On 03/12/14 14:46, Svante Signell wrote:
>>
> If more granularity is needed, what's hindering intr
Svante Signell writes:
> So I wish you a happy life with current (Debian chosen) technology, it
> is perfect! No more problems with bugs popping up or people being unable
> to boot their desktop computers/servers. Merry Christmas :)
Thanks! Yeah, it's a pretty nice present, and I'm quite happy
On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
> Svante Signell writes:
> > On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
> >> On 03/12/14 14:46, Svante Signell wrote:
>
> >>> If more granularity is needed, what's hindering introduction of even
> >>> more groups: like an image
Svante Signell writes:
> On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
>> On 03/12/14 14:46, Svante Signell wrote:
>>> If more granularity is needed, what's hindering introduction of even
>>> more groups: like an image group and splitting the fb0 to more devices?
>>> Or even subdirecto
On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
> On 03/12/14 14:46, Svante Signell wrote:
> > On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote:
> >> The problem with those groups is that they are not fine grained
> >> enough.
> >
> > If more granularity is needed, what's hindering
* Matthias Urlichs [141130 09:22]:
> But on a multi-user system, we can't depend on the first user being any
> sort of special owner; it might just as well be the person whose desk
> the machine is hidden under
I strongly disagree with this. The person performing the installation
clearly has roo
❦ 3 décembre 2014 19:54 +0100, Stephan Seitz
:
>>Feature 2: if the first user created via the installer logs in via a
>>non-local mechanism (typically ssh) [3], they can still play and record
>>audio. If you expect that the first user created via the installer is
>
> Yes, and playing audio via
> Vincent Bernat writes:
> ❦ 3 décembre 2014 16:47 GMT, Ivan Shmakov :
>>> The problem with those groups is that they are not fine grained
>>> enough. For example, the video group gives access to the
>>> framebuffer device (the user can do a screenshot) or to a webcam
>>> (the user
❦ 3 décembre 2014 16:47 GMT, Ivan Shmakov :
> > The problem with those groups is that they are not fine grained
> > enough. For example, the video group gives access to the framebuffer
> > device (the user can do a screenshot) or to a webcam (the user can
> > spy another user). By encoura
On Wed, Dec 03, 2014 at 03:08:55PM +, Simon McVittie wrote:
Feature 2: if the first user created via the installer logs in via a
non-local mechanism (typically ssh) [3], they can still play and record
audio. If you expect that the first user created via the installer is
Yes, and playing aud
On 03/12/14 16:44, Ivan Shmakov wrote:
> > We are talking about the anti-feature of adding UID=1000 to the audio
> > group in the installer.
>
> BTW, what about adding that same user to the ‘sudo’ group (which
> D-I does; or formerly did, IIRC)? Does Logind also take care of
>
> Josselin Mouette writes:
[…]
> We are talking about the anti-feature of adding UID=1000 to the audio
> group in the installer. This is only relevant for desktop
> installations, and all desktop tasks in the same installer bring
> logind (formerly consolekit).
BTW, what about
On 03/12/14 14:46, Svante Signell wrote:
> On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote:
>> The problem with those groups is that they are not fine grained
>> enough.
>
> If more granularity is needed, what's hindering introduction of even
> more groups: like an image group and splittin
> Vincent Bernat writes:
> ❦ 3 décembre 2014 13:55 +0100, Adam Borowski :
[…]
>>> This “adduser first-user audio” was already useless in squeeze and
>>> it hasn’t changed.
>> Only if you run logind or consolekit. Without them (ie, on headless
>> boxes or with classic-type WMs) you
On Wed, 2014-12-03 at 15:49 +0100, Vincent Bernat wrote:
> ❦ 3 décembre 2014 15:46 +0100, Svante Signell :
>
> >> The problem with those groups is that they are not fine grained
> >> enough. For example, the video group gives access to the framebuffer
> >> device (the user can do a screenshot)
On 03/12/14 14:28, Bjørn Mork wrote:
> Josselin Mouette writes:
>> We are talking about the anti-feature of adding UID=1000 to the audio
>> group in the installer.
>
> Are we? I was talking about making audio work for the first-user. I
> see that as a feature.
It's a trade-off between utility
❦ 3 décembre 2014 15:46 +0100, Svante Signell :
>> The problem with those groups is that they are not fine grained
>> enough. For example, the video group gives access to the framebuffer
>> device (the user can do a screenshot) or to a webcam (the user can spy
>> another user). By encouraging t
Quoting Josselin Mouette (2014-12-03 14:40:48)
> Bjørn Mork wrote:
>> We support non-systemd-as-pid-1 configurations, but they still run
>> logind through systemd-shim.
>
> systemd-shim is not essential. You can still install jessie without
> systemd, and hence without running logind.
>
> This
On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote:
> ❦ 3 décembre 2014 13:55 +0100, Adam Borowski :
>
> >> In both cases (systemd-sysv or systemd-shim), ACLs should be correctly
> >> set for the current user.
> >>
> >> This “adduser first-user audio” was already useless in squeeze and it
Quoting Vincent Bernat (2014-12-03 14:25:47)
> ❦ 3 décembre 2014 13:55 +0100, Adam Borowski :
>
>>> In both cases (systemd-sysv or systemd-shim), ACLs should be
>>> correctly set for the current user.
>>>
>>> This “adduser first-user audio” was already useless in squeeze and
>>> it hasn’t chan
Josselin Mouette writes:
> Bjørn Mork wrote:
> > We support non-systemd-as-pid-1 configurations, but they still run
> > logind through systemd-shim.
>
> systemd-shim is not essential. You can still install jessie without
> systemd, and hence without run
Bjørn Mork wrote:
> We support non-systemd-as-pid-1 configurations, but they still run
> logind through systemd-shim.
systemd-shim is not essential. You can still install jessie without
systemd, and hence without running logind.
This is completely off-t
❦ 3 décembre 2014 13:55 +0100, Adam Borowski :
>> In both cases (systemd-sysv or systemd-shim), ACLs should be correctly
>> set for the current user.
>>
>> This “adduser first-user audio” was already useless in squeeze and it
>> hasn’t changed.
>
> Only if you run logind or consolekit. Witho
On Wed, Dec 03, 2014 at 01:01:12PM +0100, Josselin Mouette wrote:
> Wouter Verhelst wrote:
> On Sun, Nov 30, 2014 at 03:02:51PM +0100, Matthias Urlichs wrote:
> > The default should be safe.
>
> No.
>
> The default should be as safe as we can make
Josselin Mouette writes:
> We don’t support non-logind configurations.
You might not. AFAICS, Debian does.
> We support non-systemd-as-pid-1 configurations, but they still run
> logind through systemd-shim.
systemd-shim is not essential. You can still install jessie without
systemd, and hen
Wouter Verhelst wrote:
On Sun, Nov 30, 2014 at 03:02:51PM +0100, Matthias Urlichs wrote:
> The default should be safe.
No.
The default should be as safe as we can make it without becoming
inconvenient.
As long as we still
On Sun, Nov 30, 2014 at 03:02:51PM +0100, Matthias Urlichs wrote:
> The default should be safe.
No.
The default should be as safe as we can make it without becoming
inconvenient.
As long as we still support non-logind configurations (and I believe we
still do at this point), having the first use
On Mon, Dec 01, 2014 at 02:10:09AM +0100, Andreas Bombe wrote:
> On Sun, Nov 30, 2014 at 04:40:21PM +, Ivan Shmakov wrote:
> > > Josselin Mouette writes:
> > > * Other users only have access to audio devices through ACLs when
> > > physically logged on.
> >
> > Unless I be mistaken,
On Sun, Nov 30, 2014 at 04:40:21PM +, Ivan Shmakov wrote:
> > Josselin Mouette writes:
> > * Other users only have access to audio devices through ACLs when
> > physically logged on.
>
> Unless I be mistaken, ACLs are only applied at the time of
> open(2). What about the pr
Hi,
The Wanderer:
> Thus, having systemd provide power management would at best have no
> effect, more likely increase the likelihood of power-management bugs
> (and make documenting power-management behavior harder),
You're forgetting a few things here.
* The idea is for all the legacy code to
> Josselin Mouette writes:
> Le dimanche 30 novembre 2014 à 12:50 +, Ivan Shmakov a écrit :
[…]
>> For home installs, I see no reason for the owner of the device to be
>> /denied/ access to the sound card just because of using SSH. Why,
>> it’s exactly what I do. (I even did thi
On Sunday, 30 de November de 2014 13:55:04 Vincent Bernat escribió:
> ❦ 30 novembre 2014 12:50 GMT, Ivan Shmakov :
> > > PolicyKit rely on logind to know if a user is locally connected. A
> > > non-local user won't be allowed things like network management, local
> > > device mounting or soun
❦ 30 novembre 2014 14:53 +0100, Josselin Mouette :
>> That looks like a problem to solve, not a feature.
>>
>> For home installs, I see no reason for the owner of the device
>> to be /denied/ access to the sound card just because of using
>> SSH. Why, it’s exactly what I do
On 11/30/2014 at 06:56 AM, Vincent Bernat wrote:
> ❦ 30 novembre 2014 10:10 GMT, Ivan Shmakov :
>
>>> Directly: DEs provide more useful features (especially power
>>> management) with systemd but will work correctly without.
>>
>> I see nothing in the ‘apcupsd’ changelog [1] (which is about the
Hi,
Ivan Shmakov:
> I agree that the issue gets trickier for multiuser hosts, but
> I’m pretty sure that there still will be at least one user for
> whom no such access restrictions should apply, – irrespective of
> his or her “login locality.”
>
The access groups are stil
❦ 30 novembre 2014 12:50 GMT, Ivan Shmakov :
> > PolicyKit rely on logind to know if a user is locally connected. A
> > non-local user won't be allowed things like network management, local
> > device mounting or sound card access.
>
> That looks like a problem to solve, not a feature.
Le dimanche 30 novembre 2014 à 12:50 +, Ivan Shmakov a écrit :
> > PolicyKit rely on logind to know if a user is locally connected. A
> > non-local user won't be allowed things like network management, local
> > device mounting or sound card access.
>
> That looks like a problem to
> Vincent Bernat writes:
> ❦ 30 novembre 2014 10:10 GMT, Ivan Shmakov :
[…]
>> Or does the above concerns the users of “normally battery-powered”
>> devices instead?
> Previously, every DE would need to reimplement power management.
> Now, this is handled by systemd (and hence not
On Sun, 30 Nov 2014, Vincent Bernat wrote:
> A side-effect is that power management got a lot easier and reliable for
> people not using GNOME, thanks to systemd.
As a XFCE user, I have to contradict this statement. It is still a
pain because xfce and systemd still don't act completely properly
to
❦ 30 novembre 2014 10:10 GMT, Ivan Shmakov :
> > Directly: DEs provide more useful features (especially power
> > management) with systemd but will work correctly without.
>
> I see nothing in the ‘apcupsd’ changelog [1] (which is about the
> only package related to power managemen
> Josselin Mouette writes:
> Le samedi 29 novembre 2014 à 16:37 +, Ivan Shmakov a écrit :
> Josselin Mouette writes:
[…]
>>> Desktops (not only GNOME) use a very tiny bit of systemd,
>>> interfaces that could be provided elsewhere.
>> Is that “use” as in “if available” or is
43 matches
Mail list logo
