[arch-general] makepkg security
allan at archlinux.org
Fri Jul 10 12:14:05 EDT 2009
Aaron Griffin wrote:
> On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler <thomas at archlinux.org> wrote:
>> Aaron Griffin wrote:
>>>> I agree. The question is not about makepkg security, but about sudo
>>>> security. And frankly, sudo is a security disaster in its default
>>> Any suggestions for changing / shipping a better default config file?
>>> I know little about the security implications of this, but I think we
>>> should ship a decent default if possible.
>> Our policy is usually to ship whatever upstream ships.
> Not always - there has always been the "sane defaults" clause. We ship
> lots of config files and additional config files that upstream
> packages do not contain. Shipping and changing config files has
> nothing to do with "vanilla" because it's how the application was
> intended to work.
The default sudo config is quite sane and secure... I believe it gives
no-one rights to use sudo. Any lessening of security is purely the