On 22/08/10 12:37, James Pike wrote:
I believe Arch
currently runs install operations as root so the above method
would increase security as it would remove the ability for packages to
write to the file system in any way other than to $pkgdir (any writes
that could theoretically escape the sandbox would only be as a user
with low privileges anyway).

Just to be clear, makepkg does not package as root unless the user explicitly asks for that to be done (and a big warning is printed if they do ask). Instead we use "fakeroot", which, as its name suggests, provides a fake root environment.

Allan




