Sorry for posting from phone. I hope it's not too unreadable. I'm a bit ill from travel.
Sebastian Ramacher <[email protected]> schrieb am So., 7. Mai 2023, 10:50: > Source: apt > Version: 2.5.4 > Severity: serious > > On 2023-05-04 11:17:50 +0200, Helmut Grohne wrote: > > Hi release team, > > > > Andreas Beckmann does wonderful QA work and recently figured that some > > packages use deluser during purge (e.g. #1035494 and #1035495). deluser > > is shipped with adduser and adduser used to be practically essential, > > becaue apt used to depend on it, but that dependency was removed on my > > request. Now apt never was essential to begin with, but having a Debian > > installation without apt is a relatively rare thing. So while this was > > theoretically buggy at all times, it is now practically observable. > > The current list of relevant bug reports is: > > #1034758 x2goserver-common x2goserver-common: fails to purge > - command (deluser|delgroup) in postrm not found > #1035291 desktop-autoloader desktop-autoloader: fails to purge > - command (deluser|adduser) in postrm not found 2023-04-30 > #1035292 debian-edu-fai debian-edu-fai: fails to purge - command > (deluser|adduser) in postrm not found 2023-04-30 > #1035435 webdis webdis: fails to purge - command (deluser|adduser) > in postrm not found > > Those bugs might be fixable, but is this list complete? > > And then there's that: > > > Even if we fix these bugs in the packages, people may still upgrade > > their systems and remove them rather than upgrading. Then, once the > > upgrade is finished (and adduser is removed), they may consider purging > > them and boom things go bad without any way of us fixing those packages. > > > > So fixing these bugs (and probably not removing users in purge) is the > > way to go, but this also raises the question of whether we want to limit > > the possible damage in trixie by making adduser temporarily essential > > for trixie. What do you think? > > I suppose you meant s/trixie/bookworm/. We are very late in the release > cycle, so dear apt maintainers, please re-instante the dependency on > adduser for bookworm. Once bookworm is released, removing adduser from > the pseudo-essential set can be revisited. > I don't have a problem pushing a 2.6.1 out with this in the coming days. Is this the best solution though - maybe setting Essential on adduser might be easier and formally fix the issue for now. > With such a change I would have expected upgrade/piuparts tests from > bullseye to bookworm that tried to remove adduser a various stages and > check for the fallout. Given that Andreas is only doing them now, that's > too late for changes to the pseudo-essential set. > We generally do not expect stuff to depend on apt. This seems to be a gap in piuparts, that it has apt installed while testing packages. > Cheers > > > Of course, I really like small essential and want it gone, but we need > > to balance that with possible breakage. > > > > I think this primarily is a decision that belongs to the release > > managers with the default choice being "do nothing about it". > > > > Helmut > > > > -- > Sebastian Ramacher > >
