[Secure-testing-team] Bug#484570: Bug#484570: [motion] motion.conf world readable and thus writable through web interface by default

Nico Golde debian-secure-testing+ml at ngolde.de
Thu Jun 5 13:38:16 UTC 2008


Hi Thijs,
* Thijs Kinkhorst <thijs at debian.org> [2008-06-05 11:35]:
> On Thu, June 5, 2008 10:49, Nico Golde wrote:
> > What is your argument against that? I think yes, for those
> > who can include passwords this should be the case for the simple reason
> > that this is the simplest solution for the problem.
> 
> I'm not principally oposed to that but I think in that case we'd better
> make it a policy change rather than to being filing RC bugs on any package
> that could possibly have secrets in a configuration file.

I submitted a wishlist bug against the policy for this. 
Though having a policy statement about this would also 
result in an RC bug if it's violated :)

Thanks for your input!
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080605/e2b55488/attachment.pgp 


More information about the Secure-testing-team mailing list