severity 890933 normal
thanks
On Tue, Feb 20, 2018 at 08:09:23PM +0100, Simon Boldinger wrote:
> Package: freeradius
> Severity: grave
> Tags: security
> Justification: user security hole
This is not correct, I explicitly stated that this is not a security issue:
If an administrator adds sensitive information to a config file
in /etc, it's the administrator's responsibility to adapt permissions
accordingly.
The questions is whether the default permissions are intentionally diverging
from the upstream defaults or not (i.e. just an oversight).
Cheers,
Moritz
