[Secure-testing-team] Bug#484570: [motion] motion.conf world readable and thus writable through web interface by default
Thijs Kinkhorst
thijs at debian.org
Thu Jun 5 09:11:24 UTC 2008
On Thu, June 5, 2008 10:49, Nico Golde wrote:
> What is your argument against that? I think yes, for those
> who can include passwords this should be the case for the simple reason
> that this is the simplest solution for the problem.
I'm not principally oposed to that but I think in that case we'd better
make it a policy change rather than to being filing RC bugs on any package
that could possibly have secrets in a configuration file.
Thijs
More information about the Secure-testing-team
mailing list