[Pkg-icecast-devel] Bug#519486: excessively restrictive permissions on some of the package's files

[Ivan Shmakov]

Package: icecast2
Version: 2.3.2-2
Severity: minor

	Currently, the package sets overly restrictive permissions on
	some of its files upon configuration.  Namely, the postinst
	script contains:

$ nl -ba /var/lib/dpkg/info/icecast2.postinst 
...
    41
    42  chown -R icecast2: /var/log/icecast2 /etc/icecast2
    43  chmod -R ug=rw,o=,ug+X /etc/icecast2
    44
...
$ 

	I deem o= unreasonable, as I see nothing wrong in, e. g., a user
	inspecting the XSL-templates provided.  Apparently, the only
	file which requires such a protection is
	/etc/icecast2/icecast.xml, since it contains a number of
	passwords.

	Furthermore, this setup effectively prevents a user from
	starting his own server, for the purposes of a test, or
	otherwise, as while the configuration file could easily be
	written using the documentation and the provided examples, the
	necessary XSL-templates won't be available.  (As a work-around,
	the user attempting to start a server could $ dpkg -x the
	package for the necessary files.)

	(Not to mention that it's unclear whether the XSL templates
	should be put into /etc at all.  Would it make sense to put,
	e. g., entire Web sites into /etc?  Especially when considering
	the sites based on some software, like Wiki engines, etc.)

-- 
FSF associate member #7257