On Mon, 2021-05-03 at 08:55 +0200, Roland Rosenfeld wrote: > It seems to be consensus that deleting users on purge is a bad idea, > see policy bug reports > https://bugs.debian.org/228692 > https://bugs.debian.org/291177 > https://bugs.debian.org/621833 > but it is still not written to the policy, but only in the above wiki > page and bug reports. > > So it seems to be best practice to keep the user on purge. > > Is it okay to close this bug report accordingly or do yo prefer to > keep it open and tag it "wontfix"?
I made some comments on #621833. Especially, cleaning up the users isn't really much worse than creating them in the first place. Actually I'd even say it's better, from a security PoV, cause deleting them will likely just loudly break things - while creating/using a user which may already be used by someone likely introduces a privilege issue. Cheers, Chris.