Hi! On Tue, 2019-05-14 at 11:29:04 +0200, Holger Levsen wrote: > Package: debian-security-support > Version: 2019.02.02 > Severity: minor
> check-support-status.hook contains code (copied from postinst) to create > the d-s-s user, which (I believe) is useless as the user is created in > postinst > anyway and this hook will only be run after postinst. The hook is called always after a dpkg run, but those runs can be for any dpkg command. In addition the hook cannot control how dpkg was called. So the following could easily happen for example: run 0 unpack \ debian-security-support \ libfoo \ libbar \ # EOL post-invoke hook run 1 configure \ libfoo \ libbar \ # EOL post-invoke hook run 2 configure \ debian-security-support # EOL post-invoke hook And only on the last one the user would have already been created. Restricting the action via DPKG_HOOK_ACTION == configure, would not help much either as it would strip over the above scenario. > we should clean this up after the release of buster. I'm not sure this is feasible, given the way this package currently works? Thanks, Guillem