Aaron Griffin wrote:
On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler<thomas@archlinux.org> wrote:
Aaron Griffin schrieb:
I agree. The question is not about makepkg security, but about sudo security. And frankly, sudo is a security desaster in its default configuration.
Any suggestions for changing / shipping a better default config file? I know little about the security implications of this, but I think we should ship a decent default if possible.
Our policy is usually to ship whatever upstream ships.
Not always - there has always been the "sane defaults" clause. We ship lots of config files and additional config files that upstream packages do not contain. Shipping and changing config files has nothing to do with "vanilla" because it's how the application was intended to work.
The default sudo config is quite sane and secure... I believe it gives no-one rights to use sudo. Any lessening of security is purely the administrators responsibility. Allan