Aaron Griffin wrote:
On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler<thomas@xxxxxxxxxxxxx> wrote:
Aaron Griffin schrieb:
I agree. The question is not about makepkg security, but about sudo
security. And frankly, sudo is a security desaster in its default
configuration.
Any suggestions for changing / shipping a better default config file?
I know little about the security implications of this, but I think we
should ship a decent default if possible.
Our policy is usually to ship whatever upstream ships.
Not always - there has always been the "sane defaults" clause. We ship
lots of config files and additional config files that upstream
packages do not contain. Shipping and changing config files has
nothing to do with "vanilla" because it's how the application was
intended to work.
The default sudo config is quite sane and secure... I believe it gives
no-one rights to use sudo. Any lessening of security is purely the
administrators responsibility.
Allan
