
Re: Open then gates



On 05/14/2010 06:40 PM, Klaus Ethgen wrote:
> Oh, I will not make any more comment to that decision. Maybe I will
> search for a more secure distribution. This decision is much too much.
> And it is the last straw that breaks the camel's back. Debian was my
> favorite distribution for over ten years now but in the last time the
> concessions to colourful systems where user simplification goes over
> security is the wrong way.

If you think that changing the default umask to 0002 for user private
groups is compromising security, you don't understand the change, nor
the system it's implemented upon. If you have questions about UPG, or
umask, feel free to ask. We'll try to help clear them up.

> Christoph did say it with the right words, just start to use Windows as
> base for the distribution. Sorry, but this is more and more the picture
> I have of Debian.

No, Christoph was just spreading FUD, as are you. This isn't about
Ubuntu, Windows, Mac or any other operating system. It's about correctly
identifying how to increase the functionality of the operating system.
Again, if you truly understood the change...

> Oh, there were technical arguments in the thread. But they were just
> ignored. But there was just one reason to make the umask that more
> insecure, and this is a very special use case. Compared to the technical
> arguments against the change this has nearly no weight. (I was myself in
> the situation that I had to set up a directory for collaboration work.
> But this didn't need to set the umask of all members to an insecure
> umask.)

You need to explain clearly how the umask of 0002 is insecure. If you
have members in your user private group, then your group isn't private,
is it? UPG is designed to NOT have anyone else in your group except you.
So, adding the write bit on the group mode does not affect security in
the least.

> If they destroy a distribution, yes!

No one is destroying anything. It's rather unfortunate that you don't
understand the argument you're making.

-- 
. O .   O . O   . . O   O . .   . O .
. . O   . O O   O . O   . O O   . . O
O O O   . O .   . O O   O O .   O O O

Attachment: signature.asc
Description: OpenPGP digital signature
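
The point argued above turns on whether each user's primary group really has no other members. As an added example (not part of the original message), this Python script checks that condition and shows the mode new files get under umask 0002. The passwd/group entries, account names and function names are constructed for illustration.

```python
# Added example: constructed sample data in /etc/passwd and /etc/group format.
PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
dave:x:1003:100:Dave:/home/dave:/bin/bash
"""
GROUP = """\
alice:x:1000:
bob:x:1001:carol
users:x:100:
"""

def parse_passwd(text):
    """Return {username: primary_gid}."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            users[fields[0]] = int(fields[3])
    return users

def parse_group(text):
    """Return {gid: set of supplementary members}."""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            _name, _pw, gid, members = line.split(":")
            groups[int(gid)] = {m for m in members.split(",") if m}
    return groups

def group_writers(user, users, groups):
    """Other accounts in `user`'s primary group, by either membership route."""
    gid = users[user]
    primary = {u for u, g in users.items() if g == gid}
    return sorted((groups.get(gid, set()) | primary) - {user})

def audit(passwd_text, group_text, umask=0o002):
    """Return (mode of new files, {user: accounts that gain write access})."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    file_mode = 0o666 & ~umask          # what open(..., 0666) ends up with
    group_write = bool(file_mode & 0o020)
    return file_mode, {u: group_writers(u, users, groups) if group_write else []
                       for u in users}

if __name__ == "__main__":
    mode, report = audit(PASSWD, GROUP)
    print(f"new files are created with mode {mode:04o}")
    for user, others in report.items():
        print(user, "private group" if not others else f"writable by {others}")
```

An empty list for a user means the group is private and umask 0002 grants write access to nobody else; a non-empty list names the accounts whose membership should be reviewed before relying on that default.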

