Our policy is usually to ship whatever upstream ships. IMO, a good default would be to set sudo to require the root password (not the user password) and not cache any passwords at all. I strongly disagree with this. That's a disaster on a multiuser system. It purposely does *not* require the root password so that a user is responsible for only their own password, and so that you can
On Fri, Jul 10, 2009 at 04:01, Thomas Bächler<thomas@archlinux.org> wrote: limit their usage of superuser powers to only specific commands.
Also, I think instead of using sudo in makepkg, we should use su by default (with an option to enable sudo). su always has a good default configuration requiring the root password (it's also possible to set it to allow password-less su in the pam configuration, but everyone who does that is crazy anyway).
I don't think that should really be the default, personally. Sudo has been fine, I don't know of anyone having an actual issue with misuse.