[arch-general] [pacman-dev] Privilege separation in the pacman downloader (Was: Pacman Database Signatures)
eschwartz at archlinux.org
Fri Feb 7 01:14:58 UTC 2020
On 2/4/20 11:08 PM, Eli Schwartz wrote:
> Since I'm unfamiliar with apt and other tools, what exactly do they do?
> Given pacman/apt/your-choice-of-package-manager must somehow write to a
> cachedir, e.g. /var/cache/pacman/pkg, it would need a dedicated download
> user, which would then exclusively hold ownership of the cachedir.
> pacman is one big binary at the moment, it doesn't fork+exec to run
> collections of binaries implementing different parts of the package
> manager (which is actually a plus when it comes to speed), so this might
> entail major re-architecturing of that part of pacman. Doing it for
> external XferCommand programs could be a start.
> Is this a topic you're interested in exploring?
I've opened a feature request for this:
Bug Wrangler and Trusted User
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1601 bytes
Desc: OpenPGP digital signature
More information about the arch-general