On 06/09/15 06:02 AM, Mohammad_AlSaleh wrote: > On Fri, Sep 04, 2015 at 07:33:27PM -0400, Daniel Micay wrote: >> Either way, the package can do whatever it wants as root when it's >> installed. Building in a container is to provide protection from stupid >> mistakes, not an attacker. >> > > It think it would be useful if pacman warned against packages > containing setuid/setgid binaries.
That's not what I'm talking about. A package gets to do whatever it wants as root when it's installed without having any setuid binaries.
signature.asc
Description: OpenPGP digital signature
