Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-28 Thread Luis Ressel
On Sun, 22 Feb 2015 18:17:00 +1300 Kent Fredric wrote: > For instance, perhaps a sysadmin simply wants to lock up GCC and make, > having a straight forward way do to that in bashrc would help them > achieve that, without them having to dish out a full ACL/LDAP setup, > and without then needing to

Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-22 Thread Ulrich Mueller
> On Sat, 21 Feb 2015, Ulrich Mueller wrote: > Personally, I think that controlling who is allowed to run certain > types of applications via group membership is a great idea. We should > introduce that approach for other applications too. How about an > "editors" group? Text editors are poten

Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-21 Thread Kent Fredric
On 22 February 2015 at 18:06, Gordon Pettey wrote: > > Protect the permissions on the files, not the editors - there's always > another way to get content into a file if you have write permission to it. > If you try to do that with a g+xo-x, then you're going to have to do the > same for every si

Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-21 Thread Gordon Pettey
On 02/21/2015 01:35 AM, Ulrich Mueller wrote: > Personally, I think that controlling who is allowed to run certain > types of applications via group membership is a great idea. We > should introduce that approach for other applications too. How > about an "editors" group? Text editors are

Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-21 Thread Kent Fredric
On 22 February 2015 at 15:35, Daniel Campbell wrote: > > > > Personally, I think that controlling who is allowed to run certain > > types of applications via group membership is a great idea. We > > should introduce that approach for other applications too. How > > about an "editors" group? Text

Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-21 Thread Daniel Campbell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/21/2015 01:35 AM, Ulrich Mueller wrote: >> On Fri, 20 Feb 2015, Daniel Campbell wrote: > >> When this becomes more widespread, what action are users urged >> to take in order to "migrate" to the new system? Should our >> everyday user acco

Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-21 Thread Ulrich Mueller
> On Fri, 20 Feb 2015, Daniel Campbell wrote: > When this becomes more widespread, what action are users urged to > take in order to "migrate" to the new system? Should our everyday > user account be removed from the `games` group, and the group should > be removed altogether? Currently, user

Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-20 Thread Daniel Campbell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/19/2015 06:19 AM, Ulrich Mueller wrote: > Hi all, As decided by the Council in its 20140812 meeting [1], > every developer is allowed to commit and maintain games ebuilds. > Furthermore: > > | There is consensus amongst council members that sp

[gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries

2015-02-20 Thread Ulrich Mueller
Hi all, As decided by the Council in its 20140812 meeting [1], every developer is allowed to commit and maintain games ebuilds. Furthermore: | There is consensus amongst council members that specific policies | (e.g., games group, /usr/games hierarchy, and games.eclass) should | be settled by the