[aur-general] Tarball Guidelines
keenerd
keenerd at gmail.com
Mon Dec 6 04:58:50 CET 2010
On Sun, Dec 5, 2010 at 10:55 PM, Loui Chang <louipc.ist at gmail.com> wrote:
> The problem is that namcap's implementation is not meant for untrusted
> PKGBUILDs. Sourcing those build files is a big security flaw, so we
> can't do that for the AUR.
Thankfully, what I'm doing here does not even look at the pkgbuild.
It just looks at the directory structure, runs "file" on everything
and compares this to a (tediously compiled) whitelist. Nothing fancy.
Would make a lot of sense to have it built in.
-Kyle
http://kmkeen.com
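
A sketch of the kind of check described in the message above, added here as an illustration; it is not the author's tool or namcap code. It reads a source tarball in memory, never extracts or sources anything, and compares each member's content type against an allowlist. The magic-byte `sniff` is a stand-in for file(1), and the allowlist, the expected layout (one top-level directory holding a PKGBUILD) and the helper names are assumptions.

```python
import codecs, io, tarfile

ALLOWED = {"text", "empty"}  # hypothetical allowlist; the post's real list is not shown

def sniff(head: bytes) -> str:
    """Coarse stand-in for file(1): classify by content only, never execute."""
    if not head:
        return "empty"
    if head.startswith(b"\x7fELF"):
        return "elf"
    if head.startswith((b"\x1f\x8b", b"BZh", b"\xfd7zXZ\x00")):
        return "compressed"
    try:  # incremental decoder tolerates a multibyte character cut at the end
        text = codecs.getincrementaldecoder("utf-8")().decode(head)
    except UnicodeDecodeError:
        return "binary"
    return "binary" if "\x00" in text else "text"

def check_tarball(blob: bytes) -> list:
    """Return findings for a source tarball without extracting or sourcing it."""
    findings, names = [], set()
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for m in tar:
            parts = m.name.split("/")
            names.add(m.name)
            if m.name.startswith("/") or ".." in parts:
                findings.append(f"{m.name}: path escapes the package directory")
            elif not (m.isfile() or m.isdir()):  # symlinks, devices, FIFOs
                findings.append(f"{m.name}: not a regular file")
            elif m.isfile():
                kind = sniff(tar.extractfile(m).read(4096))
                if kind not in ALLOWED:
                    findings.append(f"{m.name}: disallowed type '{kind}'")
    tops = {n.split("/")[0] for n in names}
    if len(tops) != 1:
        findings.append("expected exactly one top-level directory")
    elif f"{next(iter(tops))}/PKGBUILD" not in names:
        findings.append("no PKGBUILD in the top-level directory")
    return findings

def make_sample(files: dict) -> bytes:
    """Build a constructed in-memory .tar.gz from {name: bytes} for trying it out."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

The PKGBUILD is only checked for presence and for being plain text; its contents are never interpreted by a shell.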