11 Jul
2009
11 Jul
'09
10:29 a.m.
The original complaint was that when using makepkg -sic, the sudo password is cached after dependency installation and malicious sudo commands might be executed during build() as the password is cached.
My opinion on this is that we should not encourage people to use sudo, Aaron suggested to move it here for further discussion. What do you think?
Couldn't you just add an option to kill sudo after dependency installation?