Jim Meyering <[EMAIL PROTECTED]> writes:
> Bob Friesenhahn <[EMAIL PROTECTED]> writes:
> | I am using CVS automake. After doing a 'make dist', I find that all
> | the files in my source directories are marked world read/write. This
> | makes it easier for others to add trojan horses to the code I write.
> Ick. Thanks for providing the impetus finally to fix this.
The permissions set by the distribution process have been discussed a few
times already, with this quote from (standards)Releases in context:
---------------------------------------------------------------------->
Make sure that the directory into which the distribution unpacks (as
well as any subdirectories) are all world-writable (octal mode 777).
This is so that old versions of `tar' which preserve the ownership and
permissions of the files from the tar archive will be able to extract
all the files even if the user is unprivileged.
----------------------------------------------------------------------<
I find it difficult agreeing with it, nowadays. Be very sure I'm not
pushing for this either, but maybe you guys are less free than I am :-).
--
François Pinard http://www.iro.umontreal.ca/~pinard
