Bill Allombert <ballombe@debian.org> writes:

Le Sun, Apr 20, 2025 at 11:22:04PM +0500, Andrey Rakhmatullin a Θcrit :

On Sun, Apr 20, 2025 at 06:25:53PM +0100, Josh Triplett wrote:

What I'm suggesting here is that if every individual package that needs
awk has a Depends on it (via a package that allows switching
implementations), rather than relying on Essential, then it becomes
possible to make incremental progress, and that incremental progress
benefits people who are willing to carefully remove some of what Debian
normally always has installed packages.

Should we start declaring deps on all essential packages explicitly?

There are maintainers scripts that run without the dependencies installed
(or even without the package being installed).
They can only use Essential:yes packages.
There is no place to write such dependency currently.

How many of those scripts are really unavoidable? My view is that many pre/post-inst scripts are just hacks to work around some other problem.

Maybe we can work towards reducing the need for these scripts to begin
with.

Having some mechanism to create package-specific users seems like one
useful goal, and I don't understand why each package has to write
scripts to invoke 'adduser' and deal with all the complexity around that
on their own. There could be a declarative interface a package can use
and say 'USERS+=saned' or 'USERS+=munin' or 'USERS+=openldap' and that's
it.

/Simon

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmghnMUUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA /iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx +3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6 qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFosv4AQCiGT9gETcJ H8JisonKHz5KPopqYXb3qwpuZkoETUGbjAEAokIXdr27sc2dnRtFUnaa3HcugxSD iZ+iv9yGI3cuoww=SE18
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Simon Josefsson <simon@josefsson.org> writes:

Having some mechanism to create package-specific users seems like one
useful goal, and I don't understand why each package has to write
scripts to invoke 'adduser' and deal with all the complexity around
that on their own.

systemd-sysusers does this?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On May 12, Simon Josefsson <simon@josefsson.org> wrote:

Having some mechanism to create package-specific users seems like one
useful goal, and I don't understand why each package has to write
scripts to invoke 'adduser' and deal with all the complexity around that
on their own. There could be a declarative interface a package can use
and say 'USERS+=saned' or 'USERS+=munin' or 'USERS+=openldap' and that's
it.

We have one: it is documented in sysusers.d(5).
Now you just need to persuade everybody to use it.

--
ciao,
Marco

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCaCGteAAKCRDLPsM64d7X gec2AQC+V0cCEbsKVauW5LYvmsHwtr+o3vTWleyH1pV0MQEvCgEAlvaTraZvR7Hp hC9Q7YSNULituYJKsEBlFh8LPKg3AwU=
=eWJ+
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Marco d'Itri <md@Linux.IT> writes:

On May 12, Simon Josefsson <simon@josefsson.org> wrote:

Having some mechanism to create package-specific users seems like one >>useful goal, and I don't understand why each package has to write
scripts to invoke 'adduser' and deal with all the complexity around that
on their own. There could be a declarative interface a package can use
and say 'USERS+=saned' or 'USERS+=munin' or 'USERS+=openldap' and that's >>it.

We have one: it is documented in sysusers.d(5).
Now you just need to persuade everybody to use it.

Oh I wasn't aware of that, thanks for the pointer. Is there any known
reason (except lack of time) that people aren't using it? I'll see if I
can come up with a way to use it in some packages, I think 'pqconnect'
would be a good candidate -- the postinst script is only there to call addgroup+adduser and it always felt like a hack.

https://salsa.debian.org/python-team/packages/pqconnect/-/issues/13

/Simon

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmgiX6YUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA /iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx +3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6 qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFotlYAQDuIarh7lDM UG6QZMTawpJ/8zSnAGcwYFoYU33DDfftXAEAsGtDOZOLEE0R/a8/cELUkgoWlz53 cSmZACfJIaGT3Q4=
=dx0t
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 12/05/2025 21:52, Simon Josefsson wrote:

Marco d'Itri <md@Linux.IT> writes:

On May 12, Simon Josefsson <simon@josefsson.org> wrote:

Having some mechanism to create package-specific users seems like one
useful goal, and I don't understand why each package has to write
scripts to invoke 'adduser' and deal with all the complexity around that >>> on their own. There could be a declarative interface a package can use
and say 'USERS+=saned' or 'USERS+=munin' or 'USERS+=openldap' and that's >>> it.

We have one: it is documented in sysusers.d(5).
Now you just need to persuade everybody to use it.

Oh I wasn't aware of that, thanks for the pointer. Is there any known
reason (except lack of time) that people aren't using it? I'll see if I
can come up with a way to use it in some packages, I think 'pqconnect'
would be a good candidate -- the postinst script is only there to call addgroup+adduser and it always felt like a hack.

https://salsa.debian.org/python-team/packages/pqconnect/-/issues/13

Relatively new perhaps. Needs a little fiddling to work with debhelper
compat level 13 (needs dh helper called from d/rules).

You sponsored ntfy with one example of it. Small hint is not to forget
the d/rules call to dh_installsysusers.

https://salsa.debian.org/go-team/packages/ntfy/-/blob/debian/latest/debian/ntfy.sysusers?ref_type=heads


--
Regards,
Ahmad

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi!

On Mon, 2025-05-12 at 22:52:53 +0200, Simon Josefsson wrote:

Marco d'Itri <md@Linux.IT> writes:

On May 12, Simon Josefsson <simon@josefsson.org> wrote:

Having some mechanism to create package-specific users seems like one useful goal, and I don't understand why each package has to write
scripts to invoke 'adduser' and deal with all the complexity around that on their own. There could be a declarative interface a package can use and say 'USERS+=saned' or 'USERS+=munin' or 'USERS+=openldap' and that's it.

We have one: it is documented in sysusers.d(5).
Now you just need to persuade everybody to use it.

Oh I wasn't aware of that, thanks for the pointer. Is there any known
reason (except lack of time) that people aren't using it? I'll see if I
can come up with a way to use it in some packages, I think 'pqconnect'
would be a good candidate -- the postinst script is only there to call addgroup+adduser and it always felt like a hack.

https://salsa.debian.org/python-team/packages/pqconnect/-/issues/13

systemd's sysuser support is only apparently slightly better than
adduser (in that it is declarative), otherwise it feels rather
underwhelming in the package management context. It does not solve being
able to use such users in .deb files w/o maintainer scripts, it currently
also uses maintainer scripts for its normal operation (you just do not
write them explicitly), it does not solve bootstrapping issues, does
not support setting a system-wide policy on whether to remove the
users/groups on package purge, etc.

I still think the right way forward is to add proper native support
for system user/groups to dpkg, where the first stage was implemented
recently by portably parsing passwd and group files natively (to
support chroots). I'm planning to discuss this with the base-files and
adduser maintainers, to have a draft for dpkg 1.23.x.

Thanks,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Ahmad,

Il 13 maggio 2025 00:30:09 CEST, Ahmad Khalifa <ahmad@khalifa.ws> ha scritto:

Relatively new perhaps. Needs a little fiddling to work with debhelper compat level 13 (needs dh helper called from d/rules).

You might want to build-depend on dh-sequence-sysusers instead. This way, you don't need to fiddle with d/rules.

Bye!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Andrea Pappacoda <andrea@pappacoda.it> writes:

Hi Ahmad,

Il 13 maggio 2025 00:30:09 CEST, Ahmad Khalifa <ahmad@khalifa.ws> ha scritto:

Relatively new perhaps. Needs a little fiddling to work with debhelper compat level 13 (needs dh helper called from d/rules).

You might want to build-depend on dh-sequence-sysusers instead. This way, you don't need to fiddle with d/rules.

Are there any guarantees on semantics for package removals? Will the user/group be removed from /etc/{passwd,group} or not? Will it remove
the home directory? What happens if the home directory is not empty?
Will it remove files owned by that user/group elsewhere? I recall
different packages have different preferences on these topics.

/Simon

-----BEGIN PGP SIGNATURE-----

iQNnBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmgkRpEUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA /iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx +3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6 qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFom2BAQDrdcF8+G1G YsafQCwWUoJ/nRLp83lBYdb51hPa7isECgD4iJTZJc5lzM20UXm4P5+VzaB7ltMa 4cWb7gLHyHemBQ==
=zDk4
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, May 14, 2025 at 09:30:25AM +0200, Simon Josefsson wrote:

Are there any guarantees on semantics for package removals? Will the user/group be removed from /etc/{passwd,group} or not? Will it remove
the home directory? What happens if the home directory is not empty?
Will it remove files owned by that user/group elsewhere? I recall
different packages have different preferences on these topics.

see #228692 from 20024, or maybe directly jump to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=228692#63
from at least 2020.

To quote Russ once again: 'I think Policy should say something like
"created users and groups should not be removed by default, but may be
removed on purge if the local administrator explicitly requests this, either for that package or as a system-wide default."

I think this is still the best practice, even if underdocumented.

Finally I'd like to add that I would not remove home directories even on
purge, unless they are empty.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Everyone is entitled to their own opinion, but not their own facts.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmgkSy0ACgkQCRq4Vgaa qhyj+w//ZibIxmsgp0hQGcgohXm79E0ZuumSutsCsHzqHUVLmRXjBrsUlZ+RDVXu 5GYzTSrRlwCOpw0taKNU43n76plsaNAEtXdIUHXdh2KvP2SlpIM0vZLIvyD+U52S a+pOvPRCUdEGOvvBIgsKkxqRGmzIoFCOM15vnIVm1lxbpM3R4gE1bSrzoRIaA7b1 eRkv4au8DmLuMJlSfkQUVIeNKHE/dXgFYAKW7O1KwVl9PG9u69GqwEhWNM3C1q4Y XjC8+S0rEDxR/NYFZK7Lk8NL7pNYv5U9rijGz0nCN1Tljmdp+WYrI946xZtsb87r vF1se3Veoe8EHstVLpaZS+OS483dIAgb6dlq7BJUjrZJ3Nru1Sh71XTdctxwPrK7 oML7lAskzJozUM2msbF+Vv7FZ/JfiMTQv/vBAJrCBdh1vcOSpZSdr2e3b8UWFKuM /dJQmta8uNpyj9LmYpfV3DVCAB60iKqBM3w0YFaynHg4lBIwjh0725JusMD/nfwS QVKtrkC8+tR0Z35YweNy5Lmz7KVrjtoYgYjfO+FiegwYp4Gtpy+wLUQJwZDulkTv ewVh8gcLDtURkNaIHOhUToxkEZDSwT+nnsQsySkW2cBW8

Holger Levsen <holger@layer-acht.org> writes:

On Wed, May 14, 2025 at 09:30:25AM +0200, Simon Josefsson wrote:

Are there any guarantees on semantics for package removals? Will the
user/group be removed from /etc/{passwd,group} or not? Will it remove
the home directory? What happens if the home directory is not empty?
Will it remove files owned by that user/group elsewhere? I recall
different packages have different preferences on these topics.

see #228692 from 20024, or maybe directly jump to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=228692#63
from at least 2020.

To quote Russ once again: 'I think Policy should say something like
"created users and groups should not be removed by default, but may be removed on purge if the local administrator explicitly requests this, either for that package or as a system-wide default."

I think this is still the best practice, even if underdocumented.

Finally I'd like to add that I would not remove home directories even on purge, unless they are empty.

Right -- and I just read that Guillem wants dpkg to have native support
for this, which really sounds like the best way forward to me.

Hopefully then the behaviour for user/group removal on package removal
will be more consistent.

Meanwhile I'm not sure it is worth investing time to increase adoption
of dh-sequence-sysusers, at least for me, unless it actually solves some
real problem (like
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100030 ...).

/Simon

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmgkTmsUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA /iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx +3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6 qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFonSKAPsE+qk5mb+p C2BYc0Nizpc/GmRZqmDKnvaw5yaUZX+h0AEAvDUYDN5Zl0+rBldOBP9rw0CWN32S JKA8SMbiMOuaLQ4=Dly5
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On May 13, Guillem Jover <guillem@debian.org> wrote:

systemd's sysuser support is only apparently slightly better than
adduser (in that it is declarative), otherwise it feels rather
underwhelming in the package management context. It does not solve being
able to use such users in .deb files w/o maintainer scripts, it currently

This is much less of an issue that it used to be, because nowadays the /{etc,run,var/*}/$NAME directories can be created most of the times on
demand by systemd with the right permissions, by using the ConfigurationDirectory, StateDirectory, etc... directives.
See systemd.exec(5) for details.

also uses maintainer scripts for its normal operation (you just do not
write them explicitly),

I suppose that you could implement support for calling systemd-sysusers directly in dpkg, if you think it is needed.

it does not solve bootstrapping issues, does

What do you mean here?

not support setting a system-wide policy on whether to remove the >users/groups on package purge, etc.

I think that this could be implemented in systemd-sysusers, if somebody
cares enough to do it.

--
ciao,
Marco

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCaCRurwAKCRDLPsM64d7X gWnoAQCUv68aK4YyEhfKh5uj65+8vg8rfB8seSYK3p8i5+MIewEAs2Xh2LW2YlAP kMa0yaNRF1MxThOVYIq+RqdoTr8vXQ4=
=787w
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 14 May 2025 07:50:06 +0000, Holger Levsen
<holger@layer-acht.org> wrote:

To quote Russ once again: 'I think Policy should say something like
"created users and groups should not be removed by default, but may be >removed on purge if the local administrator explicitly requests this, either >for that package or as a system-wide default."

I think this is still the best practice, even if underdocumented.

adduser will support this behavior in forky, should it not be thrown
out earlier.

Greetings
Marc
--
---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)