Michael Still wrote:
The reality is that privsep was always going to be a process. It's taken more than 80 patches to get close to removing rootwrap.
There are other advantages to removing rootwrap, mainly around performance, the integration of library code, and general non-bonkersness (cat to tee to write to a file as root), etc.
There is president in the code to mark calls as undesirable, and others could be marked like that as well, but ultimately someone needs to do an audit and fix things... That's more than one person can reasonably do.
So, who wants to help try and improve this? Patches welcome.
It's been on my priority-2 TODO list for a while to help with that... Now if people would stop adding to my priority-1 TODO list... Agree that's definitely more than a one-person job, but migrating a specific call is also a reasonably self-contained unit of work that (1) does not require a deep understanding of all the code around it, and (2) does not commit you for a lifelong feature maintenance duty... So maybe it would be a good thing to suggest newcomers / students to get a poke at? I'm happy to help with the reviewing if we can come up with a topic name that helps finding those. -- Thierry Carrez (ttx)