package dma severity 544664 serious tag 544664 + confirmed thanks On Wed, Sep 02, 2009 at 09:55:22AM +0200, Tino Keitel wrote: > Package: dma > Version: 0.0.2009.07.17-2 > Severity: normal > > Hi, > > the file /etc/dma/auth.conf is world readable after installation: > > $ ls -la /etc/dma/auth.conf > -rw-r--r-- 1 root root 186 Sep 1 21:57 /etc/dma/auth.conf > > While this file doesn't contain any secrets after installation, it is > intended to be filled with passwords by the user. So it should not be not > world readable by default.
Oof. Yes, I read your bug reports as soon as you sent them; I didn't reply because I hoped I would find the time in the next couple of days to actually update my dma snapshot to the latest DragonFlyBSD sources and upload a new version of dma fixing all those bugs. Unfortunately, I only found the time to look into it today, and I won't be able to prepare a new version of the package for upload by tomorrow. Thus, I'm raising the severity of the "world-readable auth.conf" bug in the hope that this will prevent dma from migrating to testing, as it is my opinion too that this would be undesirable at this moment. Thanks a lot for your feedback and for actually trying out dma! :) G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 What would this sentence be like if pi were 3?
pgprpPqpINZom.pgp
Description: PGP signature
