From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Fri, 14 Mar 2025 10:18:12 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-io1-f58.google.com (mail-io1-f58.google.com [209.85.166.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 52E9IBTd030834 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 14 Mar 2025 10:18:11 +0100 Received: by mail-io1-f58.google.com with SMTP id ca18e2360f4ac-849d26dd331sf332255239f.1 for ; Fri, 14 Mar 2025 02:18:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1741943885; cv=pass; d=google.com; s=arc-20240605; b=h2wXQOrHoRZDjOYdsp4SEwkFhAm/t8Pf4BwEfejrklybwAZOnJQZQBZp9CTXReUOIP VBxtkdiqsLfML9FEKYytAA0m3J83j0aW/en+STJdBlZNfqmqfepUT9XYWib51aZx3TEm L9P9CN9BOJb6KATPwdxcpc3oxhzJoYFV983PkxY0lvUZ2MDqTgYJHGC/Zwsbw/BaN3G8 ocip7HOazYZ2x7Om/teihVw17LgvlT22JWjVARKxc1Du1PUqlfBW9QAXvSmO2S9xpmlK uYEQ5rGtDzFpwQgFYxtSzMol8lqp2z7WLJVjGd8Ad6YMWY0dg6nV1HLQ0tMrRu2T1S+a CW+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature :dkim-signature; bh=k25vHo+SuX9WXQxCBTTfhIH2v1nx8V62o1tJzFYzYzE=; fh=5v4v9jooDkzmVmSgC1f4DREJx7dKkqIrzfFFDtsHyPk=; b=kghkbxSVMAyGHxlqjoLSfskMChLKbIA9CgcOuVTfHoOrrvoXeifOp9mx1pDsaqUl+T TuYFRCh3UevGwgP6RK0F8/Mi9+JD86ZlwOLJYoTyn0WvHV9tZpO79abVPbM0Or7Rmfs4 kZauCNtP0/Sj3WXmBTNydnKx6/1Qw9k8eBI5cm7kR1q8Jr6W/jV+flz3N8pxsveKwmj0 CKa/iHpfcE+hc+1HLmiTRAag0PE52malp750aEokif1jpUi05oM7C03KUdPd+uXE5kya 5J+FkJCaTsqtkOatC95ny7MRETrLwhp2mN3bjPsjDfjLPE5oJTSXgFDTnkthLM4/Tu9n 9QWQ==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FAXeYEa2; spf=pass (google.com: domain of roberto.foglietta@gmail.com designates 2607:f8b0:4864:20::b33 as permitted sender) smtp.mailfrom=roberto.foglietta@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1741943885; x=1742548685; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=k25vHo+SuX9WXQxCBTTfhIH2v1nx8V62o1tJzFYzYzE=; b=RL9R/TL1MxikV5B1iCTwsGKzaeZv8NZiEeuEj3uEBjLW7+kJxhdEx3BXh5MDy2OEx8 A506Tsl2QNpmuUN6qbJwFnOrxySUJyyB+oUHYsYTcmbaA+2Ew/GAv7vacYBYjmAIomQ+ gqeDJDUjD3FcNz3txRECQvjJQUiOB2afa+IyvfBIjSI0eWjpgClm+343qlCHvUH/ZX4d U92SlahBTsAzHw7DQA9F1rJb5L7tG9tUVAh2JRHOzHqtknQo+35CvVBy6ZnU2yBLXGUw yBP7sUipCBoRC0qszYDYTcQhjzqnvH0j8uGdVik4MbpGeqwH1G2+aiOI31mINHa/jFqL 5f0A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741943885; x=1742548685; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=k25vHo+SuX9WXQxCBTTfhIH2v1nx8V62o1tJzFYzYzE=; b=ATcFzZVPiUdgQih6KMUXkniDQom5GzMyNlWOK3VqiFxH+d9mBxsFnYxAPBU9Tkyya5 60ahK1q5M1YGAwOIRtEIKbXpP3ivd6VfBQvzVAuF5yffdOFrCX1tSKg1QZPEz6HjtYzI pkF9T0sUZrT5+xQGSXXmnPTv58ZJXyo3+oP4PqwLfxqYkIRPu/PM3OSIokxIdt8IvmdX sWF9bxdWtFJ2VG5JGw39aMgG5V559wV0vpMt/LXoqMSc9vKVY+OtVmIIpljj6CNRNm0K AbpTfp5sxrmta88mqTRhM+m4r889CYFVy8D9FQvD0H/1vKqc04vhpgDvc6Jlp+DXDGr/ Js8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741943885; x=1742548685; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=k25vHo+SuX9WXQxCBTTfhIH2v1nx8V62o1tJzFYzYzE=; b=TlxNefc1dtCUk0u2aNmBARMddFOV1iIFfh1zza71YaV/dGKtA95Zfg/OyG4kQoJldW Z+R0oketgK++uPW8EhEsUHrLZ7x+0KIdpikmtfSmlZeh8FPlGQIT+gkWDstHaO4f2kfQ CPHWGgBvf+ODSDajgAX+so7TORaY3UmVwC5pqa7B6gHVfHn2u+YR6mFkhSa1dsZLstsf oqSLpCzULCrsCVN1C/2DFpabHMY2pXfVeHdCiF2Sx6X19OjAOhc5fFvglnZ0gFebfJxF RWU+HlsNs29G58a9GXImpQwKa29jlLLD9RQtb+S/V4yZoAyNykA/e2bCD5duS+P5qJyf 3kTw== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXUNtN1fAlLerSBCPB/ONWR/B65FJw8Q3dUIgYUNSuw0WtFa1iUnTQnHiDjii6Ui2o71/l7@ilbers.de X-Gm-Message-State: AOJu0YyREh5CJ8Yx6Ob+H1dXuvEOCnIwh8AI7Vo/DzH9xB2oZDMYxPbI lmJFi9ZGtWChnjbIaTlsKIAvHaLKDPfC0zs/rMMRV4zK4SZVEgvC X-Google-Smtp-Source: AGHT+IFv4p3OQ4N4wosqGBEzoTbElVUWqtc2SLYDQTvPaTuYQ0l8Ad5k9THEPxsE1669a3mzhdo+DQ== X-Received: by 2002:a05:6e02:12ca:b0:3d2:ed3c:67a8 with SMTP id e9e14a558f8ab-3d479f81830mr58985695ab.4.1741943885344; Fri, 14 Mar 2025 02:18:05 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=Adn5yVFTGYDvE/WZ79A9jY5A5j3w9hJjdaoaAHOV60wPwlk7xg== Received: by 2002:a92:c982:0:b0:3d4:58a3:f73 with SMTP id e9e14a558f8ab-3d4787638a2ls12272095ab.0.-pod-prod-00-us; Fri, 14 Mar 2025 02:18:04 -0700 (PDT) X-Received: by 2002:a05:6e02:b45:b0:3d4:2a80:74fb with SMTP id e9e14a558f8ab-3d479f817a4mr65868355ab.3.1741943884297; Fri, 14 Mar 2025 02:18:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1741943884; cv=none; d=google.com; s=arc-20240605; b=NynbGnEr3N1j5o4FZ+rvM2bYnjUD+cklJ5IdYNxzVq4YcE50UMilXEg/h0OndoVbO9 vo0yVRGoeC9zbqMpba8liLum1OfhhD6KPQOCOhQBhBDwrq+DeiyfMkKdKDb5sgv0oCjA 6fNZtcnEwlm+Cxze7yWRZGrD/5MZgDwrMfV0rh0MQYByt6f6yc9GqK+Z3QYuHsGE3DHU i5J8d5+AnZ7B/vT5fp1mgb7eqC3Jaz/qMKkKayB/mq+Y45sLLqj0ENiZ3/qqDd0wARVc +Q4ICzKKHRi3A3vmUdFqjq3XkOxB7YMabTkFf9snvetJUkOIgT/20eLhjLi8D6nCGkzK w6qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=kuUHD+kgfObv0pXOV1bYeLoWv6yY6QVcXTA5v4bKPes=; fh=F1f0TDHvVxE53LU5SytmTSM1n82aIbZdl3YOFDcvT9o=; b=d7HDh6UdToECXLtf8cEknQBLt8isxov05zq7NJiqXLe6c7D2d/hRRmw9Y3q5lSqOJ8 wwEShCpEnqb5ro2cx/FnPuCHVcbdBUB6ZV6RyslbD5dt8VoSPusfpuol4rvAjOiAYQR+ Kh1pQVBxsQ1GnPzcyHJcBWL/o67+Os5yOxT0A6c2GCPaZIVtnntPxtpMTJyb2RWslwSd sXScklAO24H/IQTQRRKlQ9n0lP8HE2spxYsyUXHtweVxZkm1zRNQ6QCcesJ1ZvWn+9CS TECyD3o5ZeROrgnguOuobOBaw/LCnL+B7JzTFeu0RKvOl1t/MNLRqKUXdQ4TRvs74tSM 52Bg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FAXeYEa2; spf=pass (google.com: domain of roberto.foglietta@gmail.com designates 2607:f8b0:4864:20::b33 as permitted sender) smtp.mailfrom=roberto.foglietta@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com. [2607:f8b0:4864:20::b33]) by gmr-mx.google.com with ESMTPS id 8926c6da1cb9f-4f2637ff9d3si132528173.3.2025.03.14.02.18.04 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 14 Mar 2025 02:18:04 -0700 (PDT) Received-SPF: pass (google.com: domain of roberto.foglietta@gmail.com designates 2607:f8b0:4864:20::b33 as permitted sender) client-ip=2607:f8b0:4864:20::b33; Received: by mail-yb1-xb33.google.com with SMTP id 3f1490d57ef6-e6341e4d0b4so2601446276.0 for ; Fri, 14 Mar 2025 02:18:04 -0700 (PDT) X-Gm-Gg: ASbGnct+D+u6hOgqmXlYgJ2lgx8ROOdhUSU/S3SByvN9O0fh1StArATnUnhliphgQYw 8G/lZzOkOh7Cupz6IJ0QIAghc7ZXba4LF8vyInFeH1LP7zpmvaf1AlS95xolIx17/7YGfEXzQWx Er1Bra/CekvnJtzAJZXWg+P3j2M10PY698mCVMyeSXBPY= X-Received: by 2002:a05:690c:688e:b0:6f9:492e:94db with SMTP id 00721157ae682-6ff461f08dcmr14887547b3.2.1741943883689; Fri, 14 Mar 2025 02:18:03 -0700 (PDT) MIME-Version: 1.0 References: <200a5c93-d152-4217-89a0-7549a3d474b4n@googlegroups.com> In-Reply-To: <200a5c93-d152-4217-89a0-7549a3d474b4n@googlegroups.com> From: "Roberto A. Foglietta" Date: Fri, 14 Mar 2025 10:17:27 +0100 X-Gm-Features: AQ5f1Jrrh_-N5iuJdx6Tbn-DYsiAnV9WTHzJqSoqAtBbYWetEgW9Fydodf-bgs8 Message-ID: Subject: Re: non sudo build To: "mdolli...@googlemail.com" Cc: isar-users Content-Type: text/plain; charset="UTF-8" X-Original-Sender: roberto.foglietta@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FAXeYEa2; spf=pass (google.com: domain of roberto.foglietta@gmail.com designates 2607:f8b0:4864:20::b33 as permitted sender) smtp.mailfrom=roberto.foglietta@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: m6xJrQdFoIoB On Fri, 14 Mar 2025 at 09:23, 'mdolli...@googlemail.com' via isar-users wrote: > > Hi all, > > I would like to build isar as non sudo user. I found a feature for this, but the latest comments are 2 years old: > - https://github.com/ilbers/isar/issues/11 > > Are there any new updates to that topic? > jan-kiszka on May 24, 2022 Contributor The topic is not forgotten, "just" not the most urgent one right now. That's also because it remains hard with a real distribution that does not have this case on its "normal" path. Some background, others may add more: We need a solution that is in line with official Debian installation here. Neither polystrap nor multistrap are maintained anymore. An option we have currently on the horizon is DPKG_ROOT, but that requires support of the packages, thus is nothing you do "over night". https://github.com/ilbers/isar/issues/11#issuecomment-1135415963 *** PREMISE The idea to complain with Debian or whatever else decision makers external to a project is fundamentally wrong under the perspective of supporting a user-base that might not be even interested in tha OS. Because it is equivalent to say that the support of a project depends on the will of somebody else whom are not involved in the project nor a stakeholder of it. So, this explanation should be rejected in total. Moreover, this approach is also against open source and free software, the main idea for which people whom have source code and skills can take care of themselves or sell their skill to others for the same goal. Under this PoV saying that X or Y projects can achieve a goal but should be discarded because they are not currently supported is absurd as long as the source is available, one project could resume from that source and a dedicated support can be provided in order to integrate with the main project needs. *** LONG TO READ The question is - that source code, related maintenance and integration - are worth the effort rather than a generic approach of a user-land virtual machine? Usually a user-land machine is available but it might not be universally true or the performance might be sensitively lower than a real machine executing the same task in user-land. Because virtualisation can provide near real-hardware performance when a virtual machine has the right to access to hardware in a "passthrough" mode and this requires fine-grained privileges that are constantly a risk being a backdoor (or potential) to escalate root privileges and requires effort to be set and maintained within a certain degree of security. Which usually brings the companies to provide a root-access to engineers on some machine that CANNOT join the company network but just a LAB network. Unfortunately, also the LAB network might contain a certain amount of sensitive data which should be protected and this raises the concern of using developing tools that require root password. Something that led responsable engineers to segregate these DEV machines into a relatively isolated LAB sub-lan. So, a reasonable answer can be: ISAR is not the only DEV tool that requires root privileges, provide yourselves the proper hardware/network supply/settings to deal with all those cases similar to ISAR. Then, for someone ISAR can be the ONLY dev tool that requires such a privileged root access. This implies that all the costs related to deal with this requirement would be accounted in total to ISAR center of cost. Plus, from a manager PoV, when ISAR is the ONLY one that requires an investment or a policy change, then it is also the first of a series. Because at that point - engineers will not do that extra mile they need to run a dev tool into a user-land environment but switch to the "exception" created for ISAR mixing data that were NOT supposed to be mixed and fragments of them could be included into ISAR products. For example sensitive data can be leaked because the files which contain the root filesystem have holes but when dd is used the raw data might be collected and hence the data which has not be zerood. You might argue that this is not going to happen - bla bla - irrelevant, I might be wrong in citing a practical example but it can exist. In particular it exists - at least in theory and because ignoring details - into a non-technical decision maker like a manager. Who cares about professional users? Open source and free software is for hobbyists and not for professionals. Companies that wish to use that solution SHOULD pay for professional support. Then wrote that explicitly: this feature is available ONLY for those buying professional support. Which in this case means - after reading the comment above - support Debian with a donation and hope for the best. Name a company manager that will consider such a kind of action as "professional support" whatever that support is provided "with granted results" or "best-effort" formula? *** IN SHORT Whatever Debian is going to do, it is not a matter of ISAR. As long as a project can solve the problem and the source is available then the maintenance of that software should be included in ISAR - or into ISAR activities - when anyone else is currently in charge of or not willing to consider the needs as their priorities Which is the reason because forks and alternatives exist. Finally, supporting ISAR for working with not-root privileges is a decision that should be escalated to those who are business stakeholders of ISAR development. *** RATIONALE Considering that ISAR is an open-source project anyone has a business interest in developing that feature and supporting the tools that can be used for, then that stakeholder should be put in condition of contributing to the mainstream in such a way that feature will be available also in future versions of ISAR. Which is - fundamentally - the HUGE difference between sw-libre and open-source PoVs: community vs stakeholders. Community driven by consensus and Stakeholders driven by I-need-then-I-do-it attitude. Which is also the difference between putting the human real-world needs before abstract concepts: pragmatism vs ideology. *** I hope this helps, -- Roberto A. Foglietta +49.176.274.75.661 +39.349.33.30.697 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/CAJGKYO4NzY334X%3DV3ZmdxvwvF2vPSJ2NanWj%3DbJk4bgpZKHYpw%40mail.gmail.com.