On Tue, 2003-04-22 at 18:03, Canadilla, Pedro wrote: > Hi, > > In the maximum rpm doc, the examples are done with the user root. Are you > sure that this is wrong? It's not exactly "wrong" to build packages as root. But, what would happen if you try to build as a root package whose sources contain a troyan horse that is invoked during compilation? The troyan would be ran as root and could install itself easily in your system. This has happened in the past. If my memory serves me well, there were some versions of sendmail troyaned out. So the question is not if "it's wrong to build as root", but if "it's more secure to build as a regular, non-privileged user." -- Please AVOID sending me WORD, EXCEL or POWERPOINT attachments. See http://www.fsf.org/philosophy/no-word-attachments.html Linux Registered User #287198
