On 08/08/14 03:43 AM, Ralf Mardorf wrote:
> In the past, what packages provided by AUR needed signing, because after
> uploading somebody manipulated the packages? AFAIK https for the AUR
> downloads and checksums for the upstream downloads in the past didn't
> cause that often serious trouble, IIRC it usually was safe.
>
> Is there such a security mechanism, if we build from ABS?
The AUR has had SQL injection vulnerabilities in the past. It has also had a fair number of CSRF / XSS vulnerabilities allowing actions to be taken on behalf of package maintainers. It's being well maintained now, but it's still written in a language with many easy ways to shoot yourself in the foot. AFAIK (too lazy to check) it also doesn't have a captcha or similar mechanism to defend against someone brute-forcing the password of a specific user.

The checksums are just blindly updated when either a new release is done or upstream decides to fiddle with the last release.

The ideal is having a signed package (either binary or source) with signatures for the upstream sources and the new makepkg feature allowing the correct fingerprint to be added in the PKGBUILD.
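A sketch of the fingerprint pinning the reply describes, as an added example that is not from the original mail or from makepkg itself: the function below reads gpg's machine-readable `--status-fd` output and accepts a source signature only when its VALIDSIG line ends in a primary-key fingerprint listed in a PKGBUILD-style `validpgpkeys` array. All fingerprints and status lines are constructed placeholders.

```bash
#!/bin/bash
# Added example (not makepkg's own code): mimic the validpgpkeys check that
# a PKGBUILD with a detached .sig/.asc source signature relies on.
# Fingerprints and key ids below are constructed placeholders, not real keys.

# As it would appear in a PKGBUILD: the only primary key allowed to sign sources.
validpgpkeys=('0123456789ABCDEF0123456789ABCDEF01234567')

# Return 0 only if the gpg --status-fd output on stdin contains a VALIDSIG line
# whose primary-key fingerprint (last field) is in validpgpkeys. A signature
# that merely verifies against *some* key in the builder's keyring is rejected,
# and so is a BADSIG (no VALIDSIG line at all).
check_source_signature() {
    local line fpr allowed
    while read -r line; do
        case "$line" in
            '[GNUPG:] VALIDSIG '*)
                fpr=${line##* }
                for allowed in "${validpgpkeys[@]}"; do
                    [ "$fpr" = "$allowed" ] && return 0
                done
                ;;
        esac
    done
    return 1
}

# Constructed gpg status samples.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2014-08-08 1407475200 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
# Valid signature, but from a key that is not pinned in validpgpkeys.
UNPINNED_STATUS='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2014-08-08 1407475200 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'
# Tampered tarball: signature does not verify.
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF01234567 Example Upstream <release@example.org>'

# Print the decision for one sample; used only for the stand-alone demo.
show_decision() {
    if printf '%s\n' "$2" | check_source_signature; then
        echo "$1: accepted"
    else
        echo "$1: rejected"
    fi
}

show_decision GOOD_STATUS "$GOOD_STATUS"
show_decision UNPINNED_STATUS "$UNPINNED_STATUS"
show_decision BAD_STATUS "$BAD_STATUS"
```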