6 Dec
2010
6 Dec
'10
3:58 a.m.
On Sun, Dec 5, 2010 at 10:55 PM, Loui Chang <louipc.ist@gmail.com> wrote:
The problem is that namcap's implementation is not meant for untrusted PKGBUILDs. Sourcing those build files is a big security flaw, so we can't do that for the AUR.
Thankfully, what I'm doing here does not even look at the pkgbuild. It just looks at the directory structure, runs "file" on everything and compares this to a (tediously compiled) whitelist. Nothing fancy. Would make a lot of sense to have it built in. -Kyle http://kmkeen.com