[PRQ#65768] Deletion Request for telive
MarsSeed [1] filed a deletion request for telive [2]: Abandoned VCS package in disguise from 2017, and it compromises system security: - installs a directory under root ("/tetra"), - copies executables inside /tetra, - runs chown -R :wheel on the whole tree of /tetra, with the aim of making it all writeable by the users of the group 'wheel', - if /tetra/bin/tetrad is executed, it creates and deletes directories and files, - if /tetra/scripts/install_telive.sh is executed, it uses sudo, downloads many git repos, compiles code from them, and installs files on its own. The first three problems have been pointed out by @Foxboron in AUR comment on 2017-11-30 but they are yet to be addressed. [1] https://aur.archlinux.org/account/MarsSeed/ [2] https://aur.archlinux.org/pkgbase/telive/
Request #65768 has been Accepted by Muflone [1]: [Autogenerated] Accepted deletion for telive. [1] https://aur.archlinux.org/account/Muflone/
participants (1)
-
notify@aur.archlinux.org