[arch-general] makepkg security
Allan McRae
allan at archlinux.org
Fri Jul 10 12:14:05 EDT 2009
Aaron Griffin wrote:
> On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler <thomas at archlinux.org> wrote:
>
>> Aaron Griffin wrote:
>>
>>>> I agree. The question is not about makepkg security, but about sudo
>>>> security. And frankly, sudo is a security disaster in its default
>>>> configuration.
>>>>
>>> Any suggestions for changing / shipping a better default config file?
>>> I know little about the security implications of this, but I think we
>>> should ship a decent default if possible.
>>>
>> Our policy is usually to ship whatever upstream ships.
>>
>
> Not always - there has always been the "sane defaults" clause. We ship
> lots of config files and additional config files that upstream
> packages do not contain. Shipping and changing config files has
> nothing to do with "vanilla" because it's how the application was
> intended to work.
>
The default sudo config is quite sane and secure... I believe it gives
no-one rights to use sudo. Any lessening of security is purely the
administrator's responsibility.
Allan