Hi! * Josh Triplett <j...@joshtriplett.org> [2011-04-05 06:08:21 CEST]: > sudo clears the environment by default. In particular, this removes any > proxy settings from the environment. Thus, out of the box, the user > can't configure a proxy the normal way (such as by using the desktop > environment's network proxy settings) and have it work for installing > packages.
Actually, allowing the user to set a proxy that the system doesn't know about is a high security risk. One would be able to set up a dedicated host which sends vulnerable packages for installations that the user would be able to install then. All is needed a snapshot of the archive a few days before a DSA got fixed and a user having sudo access just for apt/aptitude could install the vulnerable package then to gain root access. I think it's sane to not allow a user to set a proxy server for installing packages. If you can follow my reason feel free to close the bugreport. :) So long! Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los | -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
