1 |
> Yes, thanks, I'll be using that now. However, I still think it's more |
2 |
> secure to do everything as a regular user (including running all the |
3 |
> portage code!) and only elevating to root permissions for actual |
4 |
> merges. Otherwise you spend more time running things as root, even if |
5 |
> you drop for the builds, and it's possible for a bug to prevent the |
6 |
> privileges from being dropped. Anyway, just wanted to make that |
7 |
> point, obviously it's up to you guys to decide. |
8 |
> |
9 |
|
10 |
Really though, it only becomes insecure if the source code can't be |
11 |
trusted. This has become a bit more complicated/worrisome lately since |
12 |
it has been demonstrated that malicious source tarballs with the same |
13 |
md5sum as as the originals could be used to attack a gentoo install. I |
14 |
think steps are being taken to remove this possibility from affecting |
15 |
portage, however. |
16 |
|
17 |
Steve |
18 |
|
19 |
|
20 |
|
21 |
|
22 |
-- |
23 |
gentoo-dev@g.o mailing list |