On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler<thomas@xxxxxxxxxxxxx> wrote: > Aaron Griffin schrieb: >>> >>> I agree. The question is not about makepkg security, but about sudo >>> security. And frankly, sudo is a security desaster in its default >>> configuration. >> >> Any suggestions for changing / shipping a better default config file? >> I know little about the security implications of this, but I think we >> should ship a decent default if possible. > > Our policy is usually to ship whatever upstream ships. Not always - there has always been the "sane defaults" clause. We ship lots of config files and additional config files that upstream packages do not contain. Shipping and changing config files has nothing to do with "vanilla" because it's how the application was intended to work. Besides that, I like your ideas here... but perhaps we should move them to the pacman-dev list?
