On 15.08.2016 18:31, Emmanuel Bourg wrote:
> On 08/15/2016 06:19 PM, Markus Koschany wrote:
>
>> This is the exact same change as currently in Stretch. This is an
>> improvement and has no negative effect.
>
> This change has landed in Stretch 4 days ago only, we don't have enough
> feedback on its impact. I suspect it may cause some problems in
> environments where the Tomcat configuration is expected to be world
> readable. I thought we agreed to keep that modification for Stretch only
> when we discussed #825786 [1]:
>
>>> Ok, the stable patch shouldn't change the permissions to 640 though.
>>
>> Fine with me.
>
> Emmanuel Bourg
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825786#75

First of all, I thought we had agreed that I take care of this security update. I have prepared and tested this update and I came to the conclusion that there is no need to revert the change from Stretch for Jessie again. There is no technical or other logical reason to do so.

We already chown all files in /etc/tomcat8 to root:tomcat{7,8} on every update. Why on earth should there be configurations out there that require these files to be world readable if tomcat8 is able to read them anyway and we have been enforcing ownership on package upgrades for years now?

There are regular backports of Tomcat{7,8} from Stretch to Jessie. It would be totally inconsistent to use two different umasks for these files now.

Regards,

Markus