4 Feb
2015
4 Feb
'15
6:11 a.m.
[2015-02-03 22:10:26 -0500] Daniel Micay:
It's definitely a security issue when it comes to the dynamically assigned range (500..999) since files may be left behind and the user/group could be reused. It doesn't seem like it could be an issue with the reserved static ids though.
I concur. Besides, if we're not going to remove users/groups in post_remove, we might as well ship a default /etc/passwd in the filesystem package with every single user/group in it. There's also the issue of packages like postfix that use an upstream script to set permissions right after the package is installed. Well... I'll wait to see all this issues addressed before looking at the new todo list. Cheers. -- Gaetan