Hi Tollef, On Sat, Mar 20, 2010 at 10:20:13AM +0100, Tollef Fog Heen wrote:
severity 574565 wishlist thanks ]] Jonas Smedegaard | Package: ssl-cert | Version: 1.0.25 | Severity: serious Serious? What would the justification for that be?
I used same severity as is used for piuparts discoveries of packages leaving behind files after purge.
No, that was not "justification", and frankly I was unable to locate any cleanup reuirements at all in Debian Policy, so I guess that you are free to treat such sanity as wishlist only.
| ssl-cert adds a group at install which is not removed again at purge. Yes, this is normal behaviour, and I think it's wanted behaviour in this case as you'll quite easily end up with files not owned by a named group if we remove the group again.
True, if we unconditionally remove the group.What I suggest is to remove it if unused, which I believe does not lead to the described problem.
| Also, since ssl-cert creates only a group, and order of install or | purge is nondeterministic, other packages cannot reliably cleanup the | group if they are purged last.Order of install is determined by dependency fields, quite deterministic, I'd say.
Ok, you are right that the use of Pre-Depends ensures install order. Depends does not. Pre-Depends is generally discouraged, however.
Common package managers like aptitude try hard to also order by Depends but that is not guaranteed, I believe.
| Problem discovered during resolving of bug#574214. This seems to be a missing depends on the group or failing to add the group if it does not exist already, not in any way related to whether ssl-cert removes the group on purge.
A missing Pre-Depends on ssl-cert would indeed solve that bug, yes. Pre-Depends are generally discouraged, however, and there is a better approach here - which is why I filed this other bugreport.
Only adding to the group if the group existed would also solve that bug (without strong dependency on ssl-cert: the package works fine without ssl-cert installed), but then there is the problem of non-deterministic install order.
What I did was to create the group if it did not exist already. I dislike this, however, as the package then second-guess parts of the functionality of ssl-cert which might change in the future (and if it changes then quite likely ssl-cert only cleans up conditionally if *upgrading* from an earlier version, not if freshly installed - which would then cause problems if other packages have second-guessed old behaviour of ssl-cert).
Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: Digital signature