severity 466929 normal
thanks
On Thu, Feb 21, 2008 at 10:35:27PM +0100, Jiří Paleček wrote:
> Package: libuuid1
> Version: 1.40.2-1+lenny1
> Severity: serious
> Tags: patch
> Justification: Policy 9.2.1
>
> according to the policy, UIDs and GIDs in the range 1-100 are reserved to
> be globally allocated by the base-passwd package. libuuid1 allocates a
> dynamic UID and GID from this range. This is a violation of the policy, and
> it means that libuuid's user will be deleted on upgrades of the base-passwd
> package.
Actually, adduser and addgroup automatically avoids the range 1-99,
even if UID_MIN and/or GID_MIN is set to 1. It's better for script
clarity set UID_MIN to 100, but it doesn't actually result in a
behavioural change. Still it's good to fix this; it just doesn't
warrant a severity of SERIOUS.
- Ted
