On Fri, Jul 10, 2009 at 04:01, Thomas Bächler <thomas@xxxxxxxxxxxxx> wrote:
> Our policy is usually to ship whatever upstream ships. IMO, a good default
> would be to set sudo to require the root password (not the user password)
> and not cache any passwords at all.

I strongly disagree with this. That's a disaster on a multiuser system. It purposely does *not* require the root password so that a user is responsible for only their own password, and so that you can limit their usage of superuser powers to only specific commands.

> Also, I think instead of using sudo in makepkg, we should use su by default
> (with an option to enable sudo). su always has a good default configuration
> requiring the root password (it's also possible to set it to allow
> password-less su in the pam configuration, but everyone who does that is
> crazy anyway).

I don't think that should really be the default, personally. Sudo has been fine, I don't know of anyone having an actual issue with misuse.