[nova] Privsep is not giving us any security

Thierry Carrez thierry at openstack.org
Sat Mar 30 07:20:13 UTC 2019


Michael Still wrote:
> The reality is that privsep was always going to be a process. It's taken
> more than 80 patches to get close to removing rootwrap.
> 
> There are other advantages to removing rootwrap, mainly around
> performance, the integration of library code, and general
> non-bonkersness (cat to tee to write to a file as root), etc.
> 
> There is precedent in the code to mark calls as undesirable, and others
> could be marked like that as well, but ultimately someone needs to do an
> audit and fix things... That's more than one person can reasonably do.
> 
> So, who wants to help try and improve this? Patches welcome.

It's been on my priority-2 TODO list for a while to help with that...
Now if people would stop adding to my priority-1 TODO list...

Agree that's definitely more than a one-person job, but migrating a
specific call is also a reasonably self-contained unit of work that (1)
does not require a deep understanding of all the code around it, and (2)
does not commit you for a lifelong feature maintenance duty... So maybe
it would be a good thing to suggest newcomers / students to get a poke
at? I'm happy to help with the reviewing if we can come up with a topic
name that helps find those.

-- 
Thierry Carrez (ttx)


