Package: turses
Version: 0.2.20-1
Severity: important

Running turses for the first time, it helpfully creates ~/.turses.  I
don't think I mind that directory being world-accessible, but when it
authenticates to twitter and gets its token, it creates the "token"
file world readable as well, which is probably bad.  The "log" file
should potentially not be readable as well.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages turses depends on:
ii  python                2.7.5-5
ii  python-oauth2         1.5.211-2
ii  python-pkg-resources  3.4.4-1
ii  python-tweepy         2.3-1
ii  python-urwid          1.2.1-2+b1

Versions of packages turses recommends:
ii  turses-doc  0.2.20-1

turses suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to