That 2009/5/28, Jan Spakula <jan.spakula@xxxxxxx>: > Excerpts from ludovic coues's message of Do Mai 28 17:09:52 +0200 2009: >> A solution in pacman, getting rid of user adding in .install script, >> can allow security like asking user to confirm creation of group and >> user. >> >> This would be a secure way of doing thing, and users/admin would be >> aware of new user/group. > > I don't get how is adding/removing users/groups from pacman directly safer > then > doing the same from the install script. > > How about just *informing* the user what's happening in the install script? > Then there would be no 'unexpected behavior'. > That's what I want to when I suggest to confirm the creation. And pacman can have some internal security that can be by-pass if some PKGBUILD field are used. For example, pacman could have a database with which app have add which user, and will not remove a user which is needed by an app when another app want remove it on uninstall.
