On Tue, Jun 30, 2020 at 07:07:50PM +0200, Michael Biebl wrote: > It's my understanding, that there is no clear consensus what should > happen on package purge. Some packages do manually remove system users > and go to some length to find files/directories owned by a system > user/group and remove them. > Some maintainers are of the opinion, that a system user once created > should not be removed again. > I think both viewpoints are valid, but the never-remove-a-system-user is > probably the safer approach.
I actually thought we had consensus that system users should not be removed, but couldnt find this documented neither in policy nor developers-reference nor developers-reference's bugs or wiki.d.o pages with the the word user in them. so, then I checked policy's bugs and found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=228692#33 which is a nice description of the 2018 consensus about the bug from 2004 titled "User/group creation/removal in package maintainer scripts". And to quote Russ from bug=228692#33: 'I think Policy should say something like "created users and groups should not be removed by default, but may be removed on purge if the local administrator explicitly requests this, either for that package or as a system-wide default." voila. I'm bcc-ing #228692 as a ping (and so it won't get unneeded cc:s later.) -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
