I'm agree with that. Bug report should be filed for operation on daemon in .install script. 2009/5/28, Jan de Groot <jan@xxxxxxxxxxxxxx>: > On Thu, 2009-05-28 at 18:47 +0200, ludovic coues wrote: >> That >> >> 2009/5/28, Jan Spakula <jan.spakula@xxxxxxx>: >> > Excerpts from ludovic coues's message of Do Mai 28 17:09:52 +0200 2009: >> >> A solution in pacman, getting rid of user adding in .install script, >> >> can allow security like asking user to confirm creation of group and >> >> user. >> >> >> >> This would be a secure way of doing thing, and users/admin would be >> >> aware of new user/group. >> > >> > I don't get how is adding/removing users/groups from pacman directly >> > safer >> > then >> > doing the same from the install script. >> > >> > How about just *informing* the user what's happening in the install >> > script? >> > Then there would be no 'unexpected behavior'. >> > >> >> That's what I want to when I suggest to confirm the creation. >> And pacman can have some internal security that can be by-pass if some >> PKGBUILD field are used. >> For example, pacman could have a database with which app have add >> which user, and will not remove a user which is needed by an app when >> another app want remove it on uninstall. > > Packages shouldn't share user accounts usually, and in case they do, > they should be in the filesystem package. > > As for (re)starting daemons: don't. It's up to the user to do that. > Usually these things need configuration, it's a no-go to add them to > rc.conf by default. > >
