duncaen [1] filed a deletion request for opendoas-bin [2]:
This is a forked version of the community/opendoas package.
There are a number of issues: * This could give the false impression that its the same project as community/opendoas, the description is the same. * They added a flag that accepts a password, which leaks the password to anyone reading /proc/*/cmdline. * This is a binary package for a setuid binary (from an untrusted source), I only verified the "source", there is no guarantee that it doesn't add more malicious code.
[1] https://aur.archlinux.org/account/duncaen/ [2] https://aur.archlinux.org/pkgbase/opendoas-bin/
Request #28011 has been accepted automatically by the Arch User Repository package request system:
The user alerque deleted the package.
aur-requests@lists.archlinux.org