[arch-dev-public] user/group management in packages

Hi all, While looking into how best handle those directory permission warnings with pacman-4.2, I have noticed a couple of things about user/group management in our packages. 1) We should not remove users/groups when packages are uninstalled. This is a potential security issue if any files are left owned by the non-existent user/group. 2) Most packages that chown files in the install file could do it use the user/group number in the PKGBUILD. This works on any package with a reserved user/group ID. The advantage of doing this is that pacman can track the permissions. (A solution is being worked on for dynamically created user/groups whose id number can vary.) Should I create a rebuild list? Cheers, Allan