DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=t3/gFPSNOyjkKyV108QqEzNNhj9nWRk8ijNz31Nb3xMJ/mjVFTBVl
	s/rl/X91pAM36N/6o8lv0+64noJ0na4kt4X41Aa14P3nBcdzjPHoTB2s4Cwl/6gR
	xV9hCpuzJhucbFcyMULQ/uC/eUuN0kKaMm78tZFeQFbdm8w7xnYDzs=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Date: Mon, 10 Nov 2014 11:51:51 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 1.7.33-0.6
Message-ID: <20141110105151.GB2782@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <545B17B8.5010509@t-online.de> <20141106164915.GG28195@calimero.vinschen.de> <545BBF4B.4020400@t-online.de> <20141106185019.GK28195@calimero.vinschen.de> <545BD14A.8080803@t-online.de> <20141106200635.GP28195@calimero.vinschen.de> <20141106204222.GQ28195@calimero.vinschen.de> <545C68BA.3050007@t-online.de> <20141107101659.GU28195@calimero.vinschen.de> <545D30DA.9040507@t-online.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="xgyAXRrhYN0wYx8y"
Content-Disposition: inline
In-Reply-To: <545D30DA.9040507@t-online.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
Note-from-DJ: This may be spam

--xgyAXRrhYN0wYx8y
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov  7 21:51, Christian Franke wrote:
> Corinna Vinschen wrote:
> >>>In theory there should be only one option -l [machine], which prints t=
he
> >>>local accounts of the current machine unprefixed (standalone machine) =
or
> >>>prefixed (domain machine), and always prefixed for a foreign machine.
> >>>The -L option can just go away.
> >>I disgree.
> >>
> >>Why not keep the old behavior of -l/-L for user names of current machin=
e for
> >>those uses cases which rely on it?
> >You are always free to change the passwd/group files manually:
> >
> >   $ mkpasswd -l | sed -e 's/^[^:]*+//' > /etc/passwd
>=20
> Of course, and it is good that this is still possible. But this would
> require that all existing scripts relying on old behavior need to be
> changed.
>=20
> I still don't understand why this backward compatibility break of "mkpass=
wd
> -l" was mandatory.
>=20
> Most *-config scripts using "mkpasswd -l -u USER" may need to be changed.

Definitely.  The change is inevitable since most scripts using mkpasswd
or mkgroup do so to create entries in /etc/passwd and /etc/group.  But
this doesn't make sense anymore, or if so, only marginally so.

> Local scripts from Cygwin users which use "mkpasswd -l" may need to be
> changed.

They are not supposed to use mkpasswd anymore since they don't need it,
only in very special circumstances.  And then I expect that they will
have to change the created files manually anyway.

> Scripts tested by maintainers only outside a domain may no longer
> work inside a domain.

Hang on.  If you think this through, what is the supposed end result?
What's the naming scheme you're proposing for local and domain accounts?

The default is supposed to be not using the passwd and group files
anymore.  The account databases are not maintained by Cygwin, they are
maintained by the outside Windows world.  In multi-domain environments,
collisions will occur if the naming scheme doesn't take the domain into
account.  Local accounts may (well, do) collide with domain accounts.

What you say here sounds like the existing naming scheme (just use the
user name and note it in /etc/passwd) is the one which we have to keep
for backward compatibility, at least as default.

> An IMO better way would be to keep the old "mkpasswd -l" behavior and inv=
ent
> a new option for the output with the new non-domain/domain prefix handlin=
g.
>=20
> Then  a user would be able to "opt-in" for "local users of a domain machi=
ne
> always have a prefix" by
>   $ mkpasswd --the-new-local-option > /etc/passwd
> or even simpler:
>   $ > /etc/mkpasswd
>=20
> A user could "opt-out" by simply keeping all everything as-is for now :-)

Which means, everybody opts out be default.  The new default is the
old default and nobody uses the "db" method since /etc/passwd and
/etc/group files are "good enough".

> This IMO would provide a much smother migration path.

IMHO this would not provide a migration path at all.  It would just
cement the status quo.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--xgyAXRrhYN0wYx8y
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUYJjHAAoJEPU2Bp2uRE+gtfwP/0tO363neSJd+Nq9c8ADHSOb
6h+97HDZNQ5B43AsKBEmZTI00a8Y0Jm2KUluvAr7nEYrEFYwFsNOcCk+90MR6OZ7
SaJYGvHSXdfiDr8yVJyoPZdTykwuW8ps2UaIk9qOtqNuL8Y8XhUGTYQy5tCwAjXq
jPdbi7hnX5QWAk8arXobq89fu31TizO7qVDJmxjMOemNecJES2DfYaEReVCFWenp
i2U1sdMlHxz8iAnmxy6h85VbFqJCiWpS2K0B4UJq+wGbckZecOPCJBolvIoNZQOh
fh0ENq9ENQA/HqqSgYDFqjuXJuEem7UWCqQoRNdCd6xzYfjqjD1GmXsAxMBFEqbZ
kIzK1OHMmydH5EyBj70tiuFHLR2nr/r6tU9Gnw31ixLC7Gf/bEt7xfKmn6ZDdFcO
3e5/Y/3YHy/7T6T1gfzdPBzWIGvhzkRvJ0obuKHDLVO8q6Y2COrXi0bI07hMJekN
DJVJVOJABGecJoUCFMTgYWtV79w0kJpfgXtoJF3g8Z+cNCOUTbNp4kFeVc+1kVDb
YGOaYb/XYscgerx1je6W9gl5vJW1JoPAibjXwXV6ozjZ3I8BQriEK08Rf/arMLrh
2gq406uB1ch70RdXtlUzn7M7jR8jRUAtHXq4bkqAJyB8gMbuiNY1ePQ0SlU8mw3b
8k07vx3Z3ZH6r5H8LwRq
=4u2h
-----END PGP SIGNATURE-----

--xgyAXRrhYN0wYx8y--