Re: Signing a package
On 12 Sep 1997, Douglas Bates wrote:
> Is it necessary to use "sudo" to sign a package when running
> "dpkg-buildpackage"? The only examples I have seen have used -rsudo.
> I prefer not to use this if I can avoid it.
>
> <snip>
>
> 3) Please describe a minimal, secure /etc/sudoers file that would
> allow me to use dpkg-buildpackage -rsudo but not let the bad guys
> get root access.
>From what I understand, the only reason super user privileges are
required in to change the ownership of the package files (usually to
something like root).
I myself am using the package "super" to achieve this. The
configuration of super allows control of super user privileges by user
and program. I allow myself only super user priveleges when executing
chown.
In a thread earlier this year there was a discussion of solving this
problem by not changing ownership till after the package file was
created. I'm not sure anyone implemented this.
--
Jean Pierre
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: