[arch-general] makepkg security

Allan McRae allan at archlinux.org
Fri Jul 10 12:14:05 EDT 2009

Aaron Griffin wrote:
> On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler<thomas at archlinux.org> wrote:
>> Aaron Griffin schrieb:
>>>> I agree. The question is not about makepkg security, but about sudo
>>>> security. And frankly, sudo is a security desaster in its default
>>>> configuration.
>>> Any suggestions for changing / shipping a better default config file?
>>> I know little about the security implications of this, but I think we
>>> should ship a decent default if possible.
>> Our policy is usually to ship whatever upstream ships.
> Not always - there has always been the "sane defaults" clause. We ship
> lots of config files and additional config files that upstream
> packages do not contain. Shipping and changing config files has
> nothing to do with "vanilla" because it's how the application was
> intended to work.

The default sudo config is quite sane and secure...  I believe it gives 
no-one rights to use sudo.   Any lessening of security is purely the 
administrators responsibility.


More information about the arch-general mailing list