Subject: Re: CVS commit: src/sys
To: Darren Reed <darrenr@netbsd.org>
From: Elad Efrat <e@murder.org>
List: tech-security
Date: 06/24/2007 11:40:45

David Laight wrote:

> Actually the change was done because I had to rewrite some of the
> system call code to avoid using the 'stackgap', and the existing
> code was just so horrid I factored some changes further through
> the code paths in order to make life easier for the callers.

sorry. that is a weak argument. compat code should adjust to netbsd,
not the other way round. your changes do not justify breaking the
interface.

if you want to fix "horrid" code, contact me off list, and I will
happily provide you with tons of it. :)

> There is also the long-term requirement to remove the compile-time
> limit of NGROUPS/NGROUPS_MAX, so I made sure that the comparisons
> against that value all got moved inside the kauth_cred code.

since when is this a long-term requirement? can you show where
this recently discussed? I don't recall it being a critical issue,
which is why most of my work post kauth merge was on secmodel
abstraction rather than addressing the group limit.

this issue *did* come up, iirc thorpej@ raised it, and there was
no consensus that it was important enough to address now. what you are
doing now is trying to justify your "readability" changes with an
esoteric benefit.

if someone would have said this is a serious limitation, which is
hilarious (given the years NGROUPS has been enforced and the other
bsds/linux distros enforcing it :), I would have addressed it.

however, while plenty of people complained about plenty of things,
the group limit was never one of them.

> Since your 'fully encapsulated, not let anyone near my internals'
> version required everyone to know that limit.

see above. it was not critical, so a temporary interface was written
to *satisfy* the current requirements.

iirc, the original plans were to support a group model similar to
mac os x's. but, like I said, it was *never* considered an issue
important enough to waste time on.

now, can you please explain why this was not brought up for public
discussion prior to the commit?

> I will look at the code again later.

I kindly ask you to revert the kauth interface modifications and bring
up the subject for discussion on a new thread. sneaking code in and
expecting nobody will notice and then trying to justify it is really not
how netbsd should be developed.

-e.