Package: ftpbackup Version: 0.3-1 Severity: critical Tags: security As per Jakub's message in debian-devel: > # create BACKUPHOME if not exists > mkdir -p $BACKUPHOME No umask set anywhere in this script, so in default setup the directory (and later, the backup files) will be created readable to anyone.