[arch-general] makepkg security

Aaron Griffin aaronmgriffin at gmail.com
Fri Jul 10 10:28:43 EDT 2009


On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler <thomas at archlinux.org> wrote:
> Aaron Griffin wrote:
>>>
>>> I agree. The question is not about makepkg security, but about sudo
>>> security. And frankly, sudo is a security disaster in its default
>>> configuration.
>>
>> Any suggestions for changing / shipping a better default config file?
>> I know little about the security implications of this, but I think we
>> should ship a decent default if possible.
>
> Our policy is usually to ship whatever upstream ships.

Not always - there has always been the "sane defaults" clause. We ship
lots of config files and additional config files that upstream
packages do not contain. Shipping and changing config files has
nothing to do with "vanilla" because it's how the application was
intended to work.

Besides that, I like your ideas here... but perhaps we should move
them to the pacman-dev list?

