This change is well-considered and includes detailed reasoning to support it. Looks good to me.
I think the change proposal should be renamed, though, since authselect would clearly not *actually* be mandatory. Of course you'll risk severe breakage if you turn it off and edit these low-level configurations directly, but that is really no different than it was before.
On Tue, Oct 12 2021 at 11:45:28 AM -0400, Neal Gompa <ngompa13@xxxxxxxxx> wrote:
PAM gained support for systemd-style overlay configuration some time ago. Actually a number of core system components did, if the libeconf dependency is turned on. Instead of forcing authselect, we should probably make sure base functional configuration is shipped in something like /usr/share/pam/pam.d or something like that.
That is not possible with nsswitch.conf, though. This proposal is a good solution to the problems we've had with correctly maintaining nsswitch.conf. The status quo (see "Therefore we can split users into four groups:" in the change proposal) is just not good compared to Fedora's usual quality standards, and this change proposal would address all of the problems we've had. Also, I'm pretty sure the scriptlets we currently rely on to maintain correct configurations just do not work at all on Silverblue/Kinoite/CoreOS (where editing /etc in RPM scriplets just does not work), and I suspect nobody really knows what the situation there is for users who have upgraded from older releases.
Michael _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
