Control: tags -1 wontfix
Control: severity wishlist

On 24/03/17 15:59, Denys Berkovskyy wrote:
> Hi,
> 
> Please find attached a patch which fixes the issue. Since I was fixing issue 
> in git I have as well pushed changes to github and attached pull-request. To 
> test the changes I have made a package with changes applied to new upstream 
> version and uploaded it to mentors.debian.org: 
> https://mentors.debian.net/package/shairport-sync
> 
> Alternatively you can download the package from mentors with dget:
> dget -x https://mentors.debian.net/debian/pool/main/s/shairport-sync/shairport-sync_3.0.2-0.1.dsc
> 
> 
> I am new to the Debian packaging and I am not sure if I am doing the things 
> correctly. Could you let me know what I should do in the future? Is it 
> preferable to create and send patches on BTS, or is doing it in git repository 
> and sending pull-requests the preferred way? And if creating packages with 
> changes applied is any use to maintainers? I would as well appreciate any 
> other comments you have.

Hi Denys,

First of all, sorry for leaving your bug report hanging for so long
despite you being ultra-helpful and including a patch.

I don't think the package should remove its user or group when it is
removed or purged. The reason is twofold: 1- should there be any files
leftover on your system owned by said user they will now show up only
with their UID/GID numbers, and 2- if you then install another package
the UID/GID will be recycled and they will be owned by the new user.

shairport-sync doesn't install any files itself, and the only leftover
items will likely be under /run, but I can't guarantee that users won't
chown/chgrp files elsewhere on their filesystem, leading to confusion
and even potential security issues.

I had a scout around other common packages, and none that I looked at
remove their users/groups.

Aside from that your patch looks perfectly valid and it was very helpful
that you went out of your way to learn how to do this. Please don't be
discouraged by me not applying your patch! Attaching the patch to the
bug and uploading to mentors were both very good things to do.

Debian developers have a tendency not to use GitHub for a plethora of
reasons. I don't personally mind GitHub at all and use it for various
things, but I have used Debian's Alioth project system to host my Debian
packages. All this means is that pushing to GitHub and doing the pull
request was unnecessary, even if some people might find it helpful.

Thanks again,
Chris

-- 
Chris Boot
bo...@debian.org
GPG: 8467 53CB 1921 3142 C56D  C918 F5C8 3C05 D9CE EEEE
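
The leftover-file concern in the reply above can be checked on a system by looking for files whose numeric owner no longer maps to an account. This is an added example, not part of the original mail or of the shairport-sync packaging; the function name `orphaned_owners` is hypothetical, and it assumes accounts can be enumerated locally through Python's `pwd` and `grp` modules.

```python
import grp
import os
import pwd
import tempfile


def orphaned_owners(root, known_uids=None, known_gids=None):
    """Return sorted (path, uid, gid) tuples for entries under root whose
    uid or gid has no matching account.

    Such entries are the ones a later package would silently inherit if the
    freed UID/GID were reassigned to its new system user.
    """
    # Assumption: getpwall()/getgrall() list every account. With LDAP or
    # other NSS sources that disable enumeration, pass the sets explicitly.
    if known_uids is None:
        known_uids = {p.pw_uid for p in pwd.getpwall()}
    if known_gids is None:
        known_gids = {g.gr_gid for g in grp.getgrall()}

    hits = []

    def check(path):
        try:
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        except OSError:
            return  # entry vanished or is unreadable; skip it
        if st.st_uid not in known_uids or st.st_gid not in known_gids:
            hits.append((path, st.st_uid, st.st_gid))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: a scratch directory standing in for leftover state.
    scratch = tempfile.mkdtemp()
    open(os.path.join(scratch, "daemon.pid"), "w").close()
    # Simulate "the account was deleted" by passing an empty set of known UIDs.
    for path, uid, gid in orphaned_owners(scratch, known_uids=set()):
        print(f"{path}: uid={uid} gid={gid} has no account")
```
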
