sorry this tool is confusing, and swallowing your properly formatted patch, maybe it is just me would do not know how to properly retrieve this patch properly, in the mean time if you can send it to me by email, I will be able to push it straight thanks.

good catch thank you, can you provide me a git format-patch generated file so you can get proper credit ?

Considering that if one sets UseBlocklist yes and blocklistd is not installed at all, will just result with the same behaviour as with blocklistd installed but not started I think the is ok to split the packages this way.

the ports tree is a framework to build packages, if we are to build sbom on a distribution of packages we don't want to work on the framework which builds repositories, but on the package repository side. Meaning in the ports tree we need to make sure we collect enough metadata so that packages themselves have enough metadata for a tool like this one to collect the informations from the packages directly and not from the sources.

to be honnest I am not a big fan of this being adding to the ports tree, because usually the sbom analysis (my use case at least is on what would be reployed, so it needs to happen and the packaging level more than at the source level imho.

LGTM and I like @kevans proposal.

should fix the issues spotted by scaleway people as well

this is not for all case because people may have multiple checkouts of the source tree (other than /usr/src) this is good only for releases.

The main goal of mdo(1) I had in mind when I implemented is cases where on some system operators have to run commands as another user, like I connect ssh me@machine, then I need to do some things as nextcloud user. so basically every people in the "admin" group can run a command as nextcloud.
being able to have on this machine nextcloud the default user mdo switches to make it more user friendly, but yes this is sugar, not a strong requirement.

I am puzzled here, yes I like this, as it makes mdo(1) way more versatile, but I am also wondering if we are not here a little bit over thinking this, I get the completeness of it, but I fail at seeing a practical use case for this, and this adds lots of complexity to the code. Caan you share example on how you expect this to be used?

I love this!