That 2009/5/28, Jan Spakula <jan.spakula@gmx.com>:
Excerpts from ludovic coues's message of Do Mai 28 17:09:52 +0200 2009:
A solution in pacman, getting rid of user adding in .install script, can allow security like asking user to confirm creation of group and user.
This would be a secure way of doing thing, and users/admin would be aware of new user/group.
I don't get how is adding/removing users/groups from pacman directly safer then doing the same from the install script.
How about just *informing* the user what's happening in the install script? Then there would be no 'unexpected behavior'.
That's what I want to when I suggest to confirm the creation. And pacman can have some internal security that can be by-pass if some PKGBUILD field are used. For example, pacman could have a database with which app have add which user, and will not remove a user which is needed by an app when another app want remove it on uninstall.