Other time daemons like ntp use designated users instead of generic nobody:nobody like tlsdate. Using a designated uid allows for easy firewall filtering, for instance.
Implementing this in the ebuild seems simple:
  -DUNPRIV_USER="tlsdate" -DUNPRIV_GROUP="tlsdate"
  enewuser / enewgroup in pkg_setup() (or even pkg_preinst(), since there is no fowner in src_*() functions)
@vapier: do you want an actual patch? This bug got tagged with PATCH during initial wrangling.
i don't pay attention to that keyword as it's much more often wrong than not
i'm not really convinced there's a difference between using "nobody/nogroup" and "tlsdate/tlsdate" to the system
(In reply to comment #2)
> i'm not really convinced there's a difference between using "nobody/nogroup"
> and "tlsdate/tlsdate" to the system
The difference is that with tlsdate/tlsdate, you can apply various policies to tlsdate using user/group-based control, in a way that doesn't affect other programs that also use user "nobody" (e.g. apache?). If it was a user that needs no permissions at all, "nobody" would perhaps be suitable, but tlsdate needs network access, so one can punch firewall holes for it based on uid, etc. With other daemons it is not such a big deal, because you can usually pass user/group to use on command line, but tlsdate has them hardcoded.
should be all set now in the tree; thanks for the report!
Commit message: Clean up compiler flag handling w/fix from upstream, and add dedicated user/group for tlsdate to use when dropping root
http://sources.gentoo.org/net-misc/tlsdate/files/tlsdate-0.0.4-compiler-flags.patch?rev=1.1
http://sources.gentoo.org/net-misc/tlsdate/files/tlsdate-0.0.4-configure-user-group.patch?rev=1.1
http://sources.gentoo.org/net-misc/tlsdate/tlsdate-0.0.4-r2.ebuild?rev=1.1
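
What a compile-time UNPRIV_USER / UNPRIV_GROUP pair like the one discussed in this report is used for, as an added example that is neither tlsdate's code nor part of any comment above: a daemon resolves its dedicated account and drops root, refusing to continue if the account was never created. The names lookup_ids and drop_privs are hypothetical, and the "tlsdate" defaults are an assumption taken from the proposed flags.

```c
/* Added example; lookup_ids/drop_privs are illustrative names, not tlsdate's. */
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

#ifndef UNPRIV_USER                /* normally supplied by the build (-DUNPRIV_USER=...) */
#define UNPRIV_USER "tlsdate"      /* assumed default for this example */
#endif
#ifndef UNPRIV_GROUP
#define UNPRIV_GROUP "tlsdate"
#endif

/* Resolve names to ids. Returns 0 on success, -1 if either account is missing;
 * outputs are written only on success so a caller cannot use half a result. */
int lookup_ids(const char *user, const char *group, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -1;
    uid_t u = pw->pw_uid;          /* copy before the next lookup call */
    struct group *gr = getgrnam(group);
    if (gr == NULL) return -1;
    *uid = u;
    *gid = gr->gr_gid;
    return 0;
}

/* Order matters: supplementary groups, then gid, then uid, because after
 * setuid() the process no longer has the privilege to change its groups. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;   /* verify the result */
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(void)
{
    uid_t uid; gid_t gid;
    if (lookup_ids(UNPRIV_USER, UNPRIV_GROUP, &uid, &gid) != 0 || drop_privs(uid, gid) != 0) {
        fprintf(stderr, "cannot drop to %s:%s, refusing to continue\n", UNPRIV_USER, UNPRIV_GROUP);
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Run as root on a system where the account exists, the process ends up with the dedicated uid and gid, which is what uid-based firewall rules or other per-user policy then match on.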