Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-19 Thread Bigby James
On 05/18, Oon-Ee Ng wrote: On Sun, May 18, 2014 at 12:57 AM, Bigby James bigby.ja...@crepcran.com wrote: On 05/17, Dimitris Zervas wrote: On May 17, 2014 5:22:32 PM EEST, Roland Tapken m...@lalamuhkuh.de wrote: BTW: Another good idea that would be helpful is to add comments on installed

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-19 Thread Martti Kühne
May I remind everyone that makepkg is a bash script. Some might argue it's bloated and too long, while others might counter that the discussion is going on way too long already and forking a bash script for personal use would generally be an option. I'd be glad if the devs kept things generally

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-19 Thread Bigby James
On 05/17, Bardur Arantsson wrote: On 2014-05-17 22:08, Bardur Arantsson wrote: Hm. Rethinking this I was going to say something about listing (and screening) all the files that a package *would* install, but it seems that it's not possible to list files installed by a package before

[arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Roland Tapken
Hi, I've been using arch for about half a year on a few systems, but every time I install something from aur I ask myself one question: Why is it considered dangerous to run makepkg as root? My first guess was that the PKGBUILD usually comes from an untrusted source and may contain code to

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Dimitris Zervas
The second idea is that this advice should prevent the script from *accidentally* damaging my system. But this could be prevented by using fakeroot (which is disabled when calling makepkg with --asroot according to the manpage) or chroot. And actually the proper advice in this case should be

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread ushi
On 17.05.2014 14:40, Roland Tapken wrote: Hi, I've been using arch for about half a year on a few systems, but every time I install something from aur I ask myself one question: Why is it considered dangerous to run makepkg as root? My

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Karol Blazewicz
On Sat, May 17, 2014 at 2:40 PM, Roland Tapken m...@lalamuhkuh.de wrote: Hi, I've been using arch for about half a year on a few systems, but every time I install something from aur I ask myself one question: Why is it considered dangerous to run makepkg as root? My first guess was that the

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Roland Tapken
Hi, I would really like to help patching, but my time is extremely limited (finals in 2 weeks). Good luck! :) I think I'll have a try, also my time is very limited, too :-) Regards, Roland

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Bigby James
On 05/17, Dimitris Zervas wrote: On May 17, 2014 5:22:32 PM EEST, Roland Tapken m...@lalamuhkuh.de wrote: BTW: Another good idea that would be helpful is to add comments on installed packages on pacman. e.g. why did you install them. But that's another thread No offense, but if you need to

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread William Giokas
On Sat, May 17, 2014 at 03:49:49PM +0300, Dimitris Zervas wrote: The second idea is that this advice should prevent the script from *accidentally* damaging my system. But this could be prevented by using fakeroot (which is disabled when calling makepkg with --asroot according to the

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Oon-Ee Ng
On Sun, May 18, 2014 at 12:57 AM, Bigby James bigby.ja...@crepcran.com wrote: On 05/17, Dimitris Zervas wrote: On May 17, 2014 5:22:32 PM EEST, Roland Tapken m...@lalamuhkuh.de wrote: BTW: Another good idea that would be helpful is to add comments on installed packages on pacman. e.g. why did

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Bardur Arantsson
On 2014-05-17 14:40, Roland Tapken wrote: Hi, I've been using arch for about half a year on a few systems, but every time I install something from aur I ask myself one question: Why is it considered dangerous to run makepkg as root? My first guess was that the PKGBUILD usually comes

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Roland Tapken
Hi Bardur, Maybe I've missed something reading through this thread, but *assuming* (yeah, I know) that packages can't run arbitrary scripts at install time (which I think is a valid assumption for pacman), Is this so? I don't know since I've only scratched the surface of arch until now. But

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Bardur Arantsson
On 2014-05-17 21:50, Roland Tapken wrote: Hi Bardur, Maybe I've missed something reading through this thread, but *assuming* (yeah, I know) that packages can't run arbitrary scripts at install time (which I think is a valid assumption for pacman), Is this so? I don't know since I've only

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Bardur Arantsson
On 2014-05-17 22:08, Bardur Arantsson wrote: On 2014-05-17 21:50, Roland Tapken wrote: Hi Bardur, Even if your assumption about pacman is correct: Just let the malicious PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something like that and you're doomed. No need for privilege

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread ushi
On 17.05.2014 22:08, Bardur Arantsson wrote: On 2014-05-17 21:50, Roland Tapken wrote: Hi Bardur, Maybe I've missed something reading through this thread, but *assuming* (yeah, I know) that packages can't run arbitrary scripts at install time (which I think is a valid assumption for

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Bardur Arantsson
On 2014-05-17 22:55, ushi wrote: On 17.05.2014 22:08, Bardur Arantsson wrote: On 2014-05-17 21:50, Roland Tapken wrote: Hi Bardur, Maybe I've missed something reading through this thread, but *assuming* (yeah, I know) that packages can't run arbitrary scripts at install time (which I

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Daniel Micay
On 17/05/14 03:12 PM, Bardur Arantsson wrote: On 2014-05-17 14:40, Roland Tapken wrote: Hi, I've been using arch for about half a year on a few systems, but every time I install something from aur I ask myself one question: Why is it considered dangerous to run makepkg as root? My first

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread BlissSam
On 2014-5-18, at 4:49, Bardur Arantsson s...@scientician.net wrote: Hm. Rethinking this I was going to say something about listing (and screening) all the files that a package *would* install, but it seems that it's not possible to list files installed by a package before installing it...? (pacman

Re: [arch-general] Why is it dangerous to run makepkg as root?

2014-05-17 Thread Doug Newgard
On 2014-05-17 15:49, Bardur Arantsson wrote: On 2014-05-17 22:08, Bardur Arantsson wrote: On 2014-05-17 21:50, Roland Tapken wrote: Hi Bardur, Even if your assumption about pacman is correct: Just let the malicious PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something like that