On Sat, 2010-05-15 at 03:32 +0200, Andreas Marschke wrote: > In that case why dont we as security aware people and people that think that > more hardened defaults should be applied, I think we (Debian as a collective) does apparently not think so, which is probably _not_ specifically proven by that umask002 issue, but many others. > go out and file bugs against them > providing atomic patches that the maintainer can review and then either apply > or talk back to the person filing the bug why this is not applicable for this > situation. See below in my previous mail... > I know we have a security team in Debian I guess the security team cannot do much here, expect a package would ship really extremely dangerously "open" configuration. But as our project leader wrote in just a few mails ago: Such "technical" details are under the aegis of the maintainer. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature