forwarded 571631 https://bugs.internet2.edu/jira/browse/SSPCPP-106 thanks
Dominic Hargreaves <d...@earth.li> writes: > # ls -l sp* > ls: cannot access sp*: No such file or directory > # shib-keygen > [...] > # ls -l sp* > -rw-r--r-- 1 root root 1164 Feb 26 15:39 sp-cert.pem > -rw-r--r-- 1 root root 1675 Feb 26 15:39 sp-key.pem > > I believe that sp-key.pem should not be made world-readable, and > therefore suggest that the script changes its umask accordingly, and > then chmods the non-private certificate to be world-readable afterwards. It's fixed in the current version, but in a weaker way: by removing permissions after creation. I added a note to SSPCPP-106 to find out upstream's opinion, though we certainly can fix this independently. Russ, what do you think? -- Thanks, Feri. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
