> Build scripts should not run sudo or anything similar. If it does that anyway, it’s wrong. At best, it’s a packaging error, as sudo shouldn’t be expected to work in a non-interactive environment like a build chroot. Sometimes a packager mistakenly tries to move package files into place instead of adding them to the package.
Something I've noticed over time is that security and quality are connected, not inherently but in that there's a lot of overlap. Reviewing an AUR package should include making sure that it doesn't use sudo and doesn't move files into place directly because that's a possible flag for malicious behavior. But equally, sudo is unreliable in the build environment ("sudo shouldn’t be expected to work in a non-interactive environment like a build chroot"), and trying to directly place files instead of packaging them means the package won't upgrade, downgrade, or uninstall cleanly, and won't properly attribute files when you ask the system what owns them. I don't know how well it generalizes, but heuristically I've moved toward viewing security and quality as sufficiently overlapping that they can be treated as a single area.
yjftsjthsd-h•40m ago
Something I've noticed over time is that security and quality are connected, not inherently but in that there's a lot of overlap. Reviewing an AUR package should include making sure that it doesn't use sudo and doesn't move files into place directly because that's a possible flag for malicious behavior. But equally, sudo is unreliable in the build environment ("sudo shouldn’t be expected to work in a non-interactive environment like a build chroot"), and trying to directly place files instead of packaging them means the package won't upgrade, downgrade, or uninstall cleanly, and won't properly attribute files when you ask the system what owns them. I don't know how well it generalizes, but heuristically I've moved toward viewing security and quality as sufficiently overlapping that they can be treated as a single area.