Should we require a mailing list review for new user/group packages? It's difficult to modify a user once you've settled on a UID, home directory, and shell; so it pays to get things right the first time.
The need is more apparent with fixed UIDs: if a popular package "steals" a UID that some other package needs, then that other package is going to be difficult or impossible to install (especially if it ultimately depends on the popular package). A mailing list review could elicit a "hey, my package NEEDS that UID, and yours doesn't care" before it's too late.
