[aur-requests] [PRQ#28011] Deletion Request for opendoas-bin
notify at aur.archlinux.org
Sat Sep 4 23:16:09 UTC 2021
duncaen [1] filed a deletion request for opendoas-bin [2]:
This is a forked version of the community/opendoas package.
There are a number of issues:
* This could give the false impression that it's the same project as
community/opendoas, the description is the same.
* They added a flag that accepts a password, which leaks the password
to anyone reading /proc/*/cmdline.
* This is a binary package for a setuid binary (from an untrusted
source), I only verified the "source", there is no guarantee that it
doesn't add more malicious code.
[1] https://aur.archlinux.org/account/duncaen/
[2] https://aur.archlinux.org/pkgbase/opendoas-bin/
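
The second point in the request, as an added example that is not part of the original message or of either package: it starts a child process twice, once with a secret passed as an argument and once with it sent over stdin, then checks what /proc/<pid>/cmdline shows in each case. The "--password" flag name, the secret value and the helper names are constructed for illustration, and the example assumes Linux with /proc mounted.

```python
import subprocess
import sys

SECRET = "constructed-example-secret"  # constructed value, not a real credential

# Child that reads one line from stdin, then stays alive long enough to inspect.
CHILD = "import sys, time; sys.stdin.readline(); time.sleep(30)"


def read_cmdline(pid):
    """Return a process's argv as exposed by /proc/<pid>/cmdline (NUL-separated)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [arg.decode() for arg in fh.read().split(b"\0") if arg]


def observe(argv_extra, stdin_data):
    """Start the child, feed it stdin_data, and return the argv visible in /proc."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD, *argv_extra],
                            stdin=subprocess.PIPE)
    try:
        proc.stdin.write(stdin_data.encode() + b"\n")
        proc.stdin.flush()
        return read_cmdline(proc.pid)
    finally:
        proc.kill()
        proc.wait()


def secret_exposed(argv):
    """True if the secret appears in any argument of the observed command line."""
    return any(SECRET in arg for arg in argv)


if __name__ == "__main__":
    # Hypothetical "--password" flag standing in for the flag the request describes.
    via_flag = observe(["--password", SECRET], "")
    via_stdin = observe([], SECRET)
    print("flag :", via_flag, "exposed =", secret_exposed(via_flag))
    print("stdin:", via_stdin, "exposed =", secret_exposed(via_stdin))
```

Other local users can read the same file for as long as the process runs unless /proc is mounted with the hidepid option, which is why prompting on the terminal or reading from stdin is the usual way to take a password.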