[pacman-dev] makepkg security
Loui Chang
louipc.ist at gmail.com
Fri Jul 10 11:46:21 EDT 2009
On Fri 10 Jul 2009 17:25 +0200, Thomas Bächler wrote:
> The original complaint was that when using makepkg -sic, the sudo
> password is cached after dependency installation and malicious sudo
> commands might be executed during build() as the password is cached.
>
> My opinion on this is that we should not encourage people to use
> sudo, Aaron suggested to move it here for further discussion. What do
> you think?
Actually I think syncdeps and install should be removed from makepkg,
just as builddeps was. Then sudo can be completely removed from makepkg.
People may complain though.