Package: turses Version: 0.2.20-1 Severity: important Running turses for the first time, it helpfully creates ~/.turses. I don't think I mind that directory being world-accessible, but when it authenticates to twitter and gets its token, it creates the "token" file world readable as well, which is probably bad. The "log" file should potentially not be readable as well.
-- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages turses depends on: ii python 2.7.5-5 ii python-oauth2 1.5.211-2 ii python-pkg-resources 3.4.4-1 ii python-tweepy 2.3-1 ii python-urwid 1.2.1-2+b1 Versions of packages turses recommends: ii turses-doc 0.2.20-1 turses suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

