* Christoph Anton Mitterer <cales...@scientia.net> [210430 18:47]: > On Fri, 2021-04-30 at 18:02 +0200, Chris Hofstaedtler wrote: > > > 1) The user/group geoclue aren't removed at all. > > > > This is correct behaviour for Debian packages. > > Is this anywhere in the policy?
Nothing in policy says the users are supposed to be removed once created. > There seem to be quite a number of > packages which do clean up properly: > /var/lib/dpkg/info$ grep "deluser " *.*rm -l > davfs2.postrm > dnsmasq-base.postrm > libvirt-daemon-system.postrm > lightdm.postrm > logcheck.postrm > ntp.postrm > openssh-server.postrm > privoxy.postrm > pulseaudio.postrm > strongswan-starter.postrm > And what sense would it make to leave it behind? Cleanup works only in trivial cases. For everything else, you will end up with a free uid and existing files or existing running processes owned by this uid. A following useradd by the local admin or a package install will "reassign" ownership of these files to a user who was never supposed to have access to them, creating a security problem. It could be argued that most packages trying to cleanup users have a security hole. Policy however says that dynamic UIDs are to be used if possible. Chris