On 4 February 2015 at 12:11, Gaetan Bisson <bisson@archlinux.org> wrote:
[2015-02-03 22:10:26 -0500] Daniel Micay:
It's definitely a security issue when it comes to the dynamically assigned range (500..999) since files may be left behind and the user/group could be reused. It doesn't seem like it could be an issue with the reserved static ids though.
I concur.
Besides, if we're not going to remove users/groups in post_remove, we might as well ship a default /etc/passwd in the filesystem package with every single user/group in it.
Agreed -- I'd like for static id groups to be removed with the corresponding package. However, that would leave users dangling if they use the group actively for anything beyond the package's domain. One argument there is that they should know the consequences of removing the package associated with the group, but that's not a very strong argument. Either way works for me personally, so +0. -- GPG/PGP ID: C0711BF1