Package: rss2email Version: 1:3.8-1 Severity: normal Each time it is used to update list of feeds, r2e rewrites rss2email.cfg, and neglects to preserve its file permissions when doing so.
So, any rss2email user whose home directory is world readable, but who has locked down the permissions of their feed list to avoid exposing that private information, will have that defeated by r2e. I suppose the workaround is to lock down the permissions of ~/.local and ~/.config -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rss2email depends on: ii python-xdg 0.25-4 ii python2.7 2.7.8-6 ii python3-feedparser 5.1.3-2 ii python3-html2text 3.200.3-2 pn python3:any <none> rss2email recommends no packages. Versions of packages rss2email suggests: pn esmtp <none> -- no debconf information -- see shy jo -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

