Comment 4 for bug 785680

Rodrigo Moya (rodrigo-moya) wrote :

> daemon_create_user_authorized_cb() lacks a "--" in the argument builder, so accounts with a leading dash will be taken as an argument:

Looking at adduser's source code, I see this comment:

(gtx("%s: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001).

So I guess we don't want to fix that. It works perfectly adding users with '-' and '_' in the name.

> Additionally, nothing validates the contents of user_name and real_name ("useradd" should, but best to do _some_ sanity checking).

The user accounts panel in gnome-control-center does check the user_name, and accountsservice itself also uses the regexp to check the validity of the user_name.

> I see no way for the daemon to shut down during a package upgrade (and the associated postinst to perform that).

OK, added this to the attached package branch.
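
The two hardening points discussed in this comment (validate the name, and put "--" before it in the argument vector) can be combined as in the following added example, which is not part of the original comment or of accountsservice's code. The function names, the useradd path and flags chosen, and the real_name rule are assumptions of this example; the username rule is the one from the adduser message quoted above.

```c
#include <stddef.h>
#include <string.h>

/* Character rule from the adduser message quoted in the comment: letters,
 * digits, underscores, periods, at signs and dashes, no leading dash. */
int username_is_valid(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '-')
        return 0;
    for (const char *p = name; *p != '\0'; p++) {
        char c = *p;
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || strchr("_.@-", c) != NULL;
        if (!ok)
            return 0;
    }
    return 1;
}

/* Assumption of this example: reject ':' and control characters, which
 * would break the colon-separated passwd record the name ends up in. */
int real_name_is_valid(const char *name)
{
    if (name == NULL)
        return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        if (*p == ':' || *p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Fills argv (capacity >= 7) and returns argc, or -1 on invalid input.
 * "--" ends option parsing, so user_name is always read as an operand. */
int build_create_argv(const char *user_name, const char *real_name,
                      const char *argv[], size_t cap)
{
    if (cap < 7 || !username_is_valid(user_name) ||
        !real_name_is_valid(real_name))
        return -1;
    int n = 0;
    argv[n++] = "/usr/sbin/useradd"; /* assumed tool and path */
    argv[n++] = "-m";
    argv[n++] = "-c";
    argv[n++] = real_name; /* consumed as the value of -c */
    argv[n++] = "--";
    argv[n++] = user_name;
    argv[n] = NULL;
    return n;
}
```

The validation and the "--" are independent layers: the separator still protects the call if the name check is later loosened or bypassed.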