I think the solution is quite simple. Let's replace
chown -Rhf root:root /etc/tomcat8/ || true with rm -rf /etc/tomcat8 I mean purge means purge. Remove all files, don't leave anything behind. As another improvement suggestion for Tomcat 9, we could stop deleting the tomcat user on purge and let the admin decide. I believe this is even consensus within the project and will protect against reusing files with the old GID and UID for something unintended.
Description: OpenPGP digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.