[Slackbuilds-users] How to contribute ?

[Phillip Warner]

For those concerned about the possible security implications of running SlackBuilds as root I will share part of my method of using SBo.

I always read through the scripts thoroughly unless I am already familiar with the script and author.

When I test scripts (both mine and others) I run them as my normal user first.  Simply comment out the "chown root:root" line and change $TMP from /tmp/SBo to ~/tmp/SBo.  I carefully check for any errors.  Any files trying to be written outside of DESTDIR will cause errors.  I also run my pkg-sanity script against the created package to check which system files (if any) will be overwritten, and I check the perms of the files.  Missing an executable bit on /etc can cause some temporary havoc on your system.

Also, whenever a new version of a SlackBuild is released I always diff it with the previous version.  This quickly allows me to see what has changed and often I will catch errors (such as a chown line still commented out).  People who submit SlackBuild should diff the official SBo versions of their scripts to see how they were modified (if at all).

--phillip