On Thu, Mar 11, 2010 at 04:35:13PM +0100, Tomas Mraz wrote: > On Thu, 2010-03-11 at 10:04 -0500, Toshio Kuratomi wrote: > > """ > > We never remove users or groups created by packages. There's no sane way to > > check if files owned by those users/groups are left behind (and even if > > there would, what would we do to them?), and leaving those behind with > > ownerships pointing to now nonexistent users/groups may result in security > > issues when a semantically unrelated user/group is created later and reuses > > the UID/GID. Also, in some setups deleting the user/group might not be > > possible or/nor desirable (eg. when using a shared remote user/group > > database). Cleanup of unused users/groups is left to the system > > administrators to take care of if they so desire. > > """ > > > > https://fedoraproject.org/wiki/Packaging:UsersAndGroups > > > > I've updated bugzilla with this information as well. > > Someone should perhaps correct the > http://fedoraproject.org/wiki/PackageUserCreation then. > > Or add some rules on how to resolve conflicts among the current rules. > (I'm joking.) > So this is interesting. That page is not a Packaging Guideline. You can tell because it's not Packaging:UserCreation. The FPC is aware that the page exists but pretty much left it alone as it documents a program, fedora-usermgmt, that Enrico Scholz wrote to solve issues with user creation in the way that he thought best. However, if it's causing confusion we should definitely make some sort of change. What should that be? Options: * Put a large admonition at the top that says "I am not a Packaging Guideline" and point to the packaging guideline page for user creation. * Remove the page * Have the FPC vote whether use of fedora-usermgmt is disallowed and remove the page if so * Rename the page * Someone works on the text of the page to make it clear that it's only documenting the fedora-usermgmt application, not something written into the packaging guidelines. * Update the page to remove the userdel and groupdel portions. What combination of the above seems most suitable to people? -Toshio
Attachment:
pgpexGppImgUj.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
