10 Jul
2009
10 Jul
'09
3:46 p.m.
On Fri 10 Jul 2009 17:25 +0200, Thomas Bächler wrote:
The original complaint was that when using makepkg -sic, the sudo password is cached after dependency installation and malicious sudo commands might be executed during build() as the password is cached.
My opinion on this is that we should not encourage people to use sudo, Aaron suggested to move it here for further discussion. What do you think?
Actually I think syncdeps and install should be removed from makepkg, just as builddeps was. Then sudo can be completely removed from makepkg. People may complain though.